Journal of the Korea Industrial Information Systems Research (한국산업정보학회논문지)

Korea Society of Industrial Information Systems (한국산업정보학회)
권호 표지
DOI QR코드

DOI QR Code

An UHISRL design to protect patient's privacy and to block its illegal access based on RFID

환자의 프라이버시 보호와 불법 접근 차단을 위한 RFID 기반 UHISRL 설계

  • Received : 2014.03.26
  • Accepted : 2014.05.28
  • Published : 2014.06.30
Download PDF
⟨ Previous Next ⟩

Abstract

This paper proposes the UHISRL(Ubiquitous Healthcare Information System based on Real Time Location) which manages patient, doctor, medicine by using RFID. The proposed UHISRL monitors the patient's health state, and enables us to confirm the result with Smart Phone and Tablet PC. Also, it can block Replay and Spoofing attack by using the ERHL(Extended Randomized Hash Lock) authentication scheme designed in this paper. A patient privacy is enhanced by limiting UHISRL DB access according to attributes with CP-ABE (Cipher Text - Attributed based Encryption) technique. Specially, UHISRL can prevent an unexpected accident by monitoring a chronic patient's emergency situation in real time.

본 논문은 RFID를 이용하여 환자, 의료진, 의약품을 관리하는 UHISRL(Ubiquitous Healthcare Information System based on Real Time Location)을 제안하였다. 제안하는 UHISRL은 환자의 건강상태를 모니터링하고, 그 결과를 스마트 폰과 태블릿 PC로 확인할 수 있다. 또한, 본 논문에서 설계된 ERHL(Extended Randomized Hash Lock) 인증 기법을 사용하여 재전송공격과 스푸핑 공격을 차단하였고, 환자의 프라이버시는 CP-ABE(Cipher Text - Attributed based Encryption)기법을 이용하여 UHISRL DB 접근을 속성에 따라 제한함으로써 보안을 강화시켰다. 특히, UHISRL는 만성질환자의 응급 상황을 실시간으로 모니터링 함으로써 불의의 사고를 방지할 수 있도록 하였다.

Keywords

Acknowledgement

Supported by : 한국연구재단

References

  1. A. Sahai and B. Waters, "Fuzzy Identity Based Encryption", In Advances in Cryptology-Eurocrypt, LNCS 3494, pp.475- 473, 2005.
  2. V. Goyal, O. Pandey, A. Sahai, and B. Waters, "Attribute based Encryption for Fine-Grained Access Control of Encrypted Data", CCS'06 Proceedings of the 13th ACM Conference on Computer and Communications Security, 30 October 2006, pp.89-98.
  3. J. Bethencourt, A. Sahai, and B. Water, "Ciphertext - Policy Attribute - Based Encryption", In Proceedings of 2007 IEEE Symposium on Security and Privacy, 20-23 May 2007, pp. 321-334.
  4. Jong-Min Jeong, Tae-Kyoung Kwon, "Security Extension for Content-Centric Networks with Attribute-Based Encryption", Telecommunications Technology Association, the 6th Telecommunication Standardization, pp.78-93, 2010.
  5. Youjin Song, Kwangyong Park, "Attribute based encryption technology", Review of KIISC, Vol.20, No.2, pp.85-92, 2010.
  6. L. Cheung and C. Newport, "Provably secure ciphertext policy ABE", CCS'07 Proceedings of the 14th ACM Conference on Computer and Communications Security, 28 October 2007, pp.456-465.
  7. S. A. Weis, S. E. Sarma, R. L. Rivest, and D. W.Engels, "Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems", Security in Pervasive Computing 2003, LNCS 2802, pp.201-212, 2003.
  8. Juseok Shin, Sejin Oh, Cheolho Jeong, Kyungho Chung, Kwangseon Ahn, "Improved An RFID Mutual Authentication Protocol Based on Hash Function", The Journal of KICS, Vol.37-C, No.3, pp.241-250, 2012. https://doi.org/10.7840/KICS.2012.37C.3.241
  9. Dae-Jung Kim, Moon-Seog Jun, "Design of RFID Mutual Authentication Protocol using One Time Random Number", Journal of KIISE: Information Networking, Vol.35, No.3, pp.243-250, 2008.
  10. Jin-Seob Shin, Young-Ho Park, "An Authentication Protocol using the EXOR and the Hash Function in RFID/USN", Journal of the Korea Industrial Information Systems Research, Vol.12, No. 2, pp.24-29, 2007.
  11. Walid I. Khedr, "SRFID: A hash-based security scheme for low cost RFID systems", Egyptian Informatics Journal, Vol.14, Issue 1, pp.89-98, 2013 https://doi.org/10.1016/j.eij.2013.02.001
  12. Md Monzur Morshed, Anthony Atkins and Hongnian Yu, "Secure ubiquitous authentication protocols for RFID systems", EURASIP Journal on Wireless Communications and Networking, Vol.93, pp.1-13, 2012
  13. Diabetes Data, http://archive.ics.uci.edu/ml/datasets/Diabetes