DOI QR코드

DOI QR Code

Verification of a Function-based Security Authentication Protocol for Implantable Medical Devices

함수 기반의 체내 삽입장치용 보안 인증프로토콜 검증

  • Bae, WooSik (Dept. of AIS Center, Ajou Motor College) ;
  • Han, KunHee (Dept. of Information Communication Engineering, Baekseok University)
  • Received : 2013.03.07
  • Accepted : 2014.05.20
  • Published : 2014.05.28

Abstract

Recent advancement of USN technology has lent itself to the evolving communication technology for implantable devices in the field of medical service. The wireless transmission section for communication between implantable medical devices and patients is a cause of concern over invasion of privacy, resulting from external attackers' hacking and thus leakage of private medical information. In addition, any attempt to manipulate patients' medical information could end up in serious medical issues. The present study proposes an authentication protocol safe against intruders' attacks when RFID/USN technology is applied to implantable medical devices. Being safe against spoofing, information exposure and eavesdropping attacks, the proposed protocol is based on hash-function operation and adopts session keys and random numbers to prevent re-encryption. This paper verifies the security of the proposed protocol using the formal verification tool, Casper/FDR.

최근 USN 기술의 발전으로 의료기술 분야에서 서비스를 받을 수 있는 체내 삽입장치 통신기술이 많은 발전을 하고 있다. 체내 삽입장치(Implantable Medical Device)는 환자와 장비사이에 무선으로 전송되는 구간이 있어서 외부 공격자의 해킹으로 인한 환자의 개인 의료정보 유출사고로 프라이버시 침해 발생이 우려되고 있다. 또한 환자의 의료 정보를 조작할 경우 심각한 의료 문제가 발생할 수 있다. 본 논문에서는 체내 삽입장치에 RFID/USN 기술을 이용할 때 공격자의 공격에 안전한 인증프로토콜을 제안한다. 해시함수 기반으로 연산하며 세션키와 난수를 도입하여 재 암호화를 방지하고 스푸핑공격, 정보노출 및 도청공격에 안전하며 이를 증명하기 위해 정형검증 도구인 Casper/FDR 도구를 이용하여 보안성을 검증 실험하였으며 안전함이 확인되었다.

Keywords

References

  1. M. H. Yang, H. Y. Hu, Protocol for ownership transfer across authorities: with the ability to assign transfer targety. Security Comm. Networks Vol. 5, 164-177, 2012. https://doi.org/10.1002/sec.300
  2. D. W. Kim, J. W. Han, and K. I. Chung, Trend of Home Device Authentication/ Authorization Technology. Weekly IT BRIEF, No. 1329, pp. 1-11, 2008.
  3. Yu-Yi Chen, Jun-Chao Lu, Jinn-Ke Jan, A Secure EHR System Based on Hybrid Clouds. J Med Syst, Vol. 6, pp. 3375-3384, 2012.
  4. M. M. Morshed, A. A. H. Yu, An Efficient and Secure Authentication Protocol for RFID Systems. Proceedings of the 17th International Conference on Automation & Computing (ICAC'11), University of Huddersfield, Huddersfield, UK, 10 September, pp. 51-56, 2011.
  5. He, D. B., Chen, J. H., and Zhang, R., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst. doi: 10.1007/s10916-011-9658-5, 2011.
  6. Wei, J.,Hu, X.,Liu, W., An Improved Authentication Scheme for Telecare Medicine Information Systems., J. Med. Syst. doi: 10.1007/s10916-012-9835-1, 2012.
  7. B. Alomair, L. Lazos, and R. Poovendran, Securing Low-Cost RFID Systems: An Unconditionally Secure Approach. J. Computer Security, Vol. 19, No. 2, pp. 229-256, 2011. https://doi.org/10.3233/JCS-2010-0406
  8. B. Alomair and R. Poovendran, Privacy Versus Scalability in Radio Frequency Identification Systems. Computer Comm., Vol. 33, No. 18, pp. 2155-2163, 2010. https://doi.org/10.1016/j.comcom.2010.08.006
  9. G. Lowe. Casper: A compiler for the analysis of security protocols. User Manual and Tutorial. Version 1.12 2009.
  10. Oxford University Computing Laboratory. FDR2 User Manual, 19th October 2010.
  11. J.E. Song et al., Security Issues and Its Technology Trends in u-Healthcare. ETRI, Electronics and Telecommunications Trends, Vol.22, No.1, 2007.
  12. C.A.R Hoare. Communicating Sequential Processes. Prentice-Hall. 1985.
  13. B. H. Kim, I. T. Ryoo, RFID Mutual Authentication Protocol Against Reflection Attack, THE JOURNAL OF KOREA INFORMATION AND COMMUNICATIONS SOCIETY, Vol. 32, No 3, pp. 348-354, 2007.
  14. H. S. Ahn, K. D. B, E. J. Yoon, I. G. Nam, RFID Mutual Authentication Protocol Providing Stronger Security. The KIPS Transactions : Part C Vol. 16.C, No. 3, pp. 325-334, 2009. https://doi.org/10.3745/KIPSTC.2009.16-C.3.325