Radio frequency identification (RFID) technology is being used widely in the last few years. Its applications classifies into auto identification and data capturing issues. The purpose of this paper is to design and implement RFID active tags and reader using microcontroller ATmega328 and 433 MHz RF links. The paper also includes a proposed mutual authentication protocol between RFID reader and active tags with ownership transfer stage. Our protocol is a mutual authentication protocol with tag’s identifier updating mechanism. The updating mechanism has the purpose of providing forward security which is important in any authentication protocol to prevent the attackers from tracking the past transactions of the compromised tags. The proposed protocol gives the privacy and security against all famous attacks that RFID system subjected for due to the transfer of data through unsecure wireless channel, such as replay, denial of service, tracking and cloning attacks. It also ensures ownership privacy when the ownership of the tag moves to a new owner.
A wireless body area network (WBAN) connects separate sensors in many places of the human body, such as clothes, under the skin. WBAN can be used in many domains such as health care, sports, and control system. In this paper, a scheme focused on managing a patient’s health care is presented based on building a WBAN that consists of three components, biometric sensors, mobile applications related to the patient, and a remote server. An excellent scheme is proposed for the patient’s device, such as a mobile phone or a smartwatch, which can classify the signal coming from a biometric sensor into two types, normal and abnormal. In an abnormal signal, the device can carry out appropriate activities for the patient without requiring a doctor as a first case. The patient does not respond to the warning message in a critical case sometimes, and the personal device sends an alert to the patient’s family, including his/her location. The proposed scheme can preserve the privacy of the sensitive data of the patient in a protected way and can support several security features such as mutual authentication, key management, anonymous password, and resistance to malicious attacks. These features have been proven depending on the Automated Validation of Internet Security Protocols and Applications. Moreover, the computation and communication costs are efficient compared with other related schemes.
Preserving privacy and security plays a key role in allowing each component in the healthcare system to access control and gain privileges for services and resources. Over recent years, there have been several role-based access control and authentication schemes, but we noticed some drawbacks in target schemes such as failing to resist well-known attacks, leaking privacy-related information, and operational cost. To defeat the weakness, this paper proposes a secure electronic healthcare record scheme based on Schnorr Signcryption, crypto hash function, and Distributed Global Database (DGDB) for the healthcare system. Based on security theories and the Canetti-Krawczyk model (CK), we notice that the proposed scheme has suitable matrices such as scalability, privacy preservation, and mutual authentication. Furthermore, findings from comparisons with comparable schemes reveal that the suggested approach provides greater privacy and security characteristics than the other schemes and has enough efficiency in computational and communicational aspects.
This work addresses the critical need for secure and patient-controlled Electronic Health Records (EHR) migration among healthcare hospitals’ cloud servers (HHS). The relevant approaches often lack robust access control and leave data vulnerable during transfer. Our proposed scheme empowers patients to delegate EHR migration to a trusted Third-Party Hospital (TTPH); which is the Certification Authority (CA) while enforcing access control. The system leverages asymmetric encryption utilizing the Elliptic Curve Digital Signature Algorithm (ECDSA), EEC and ECDSA added robust security and lightness EHR sharing. Patient and user privacy is managed due to anonymity through cryptographic hashing for data protection and utilizes mutual authentication for secure communication. Formal security analysis using the Scyther tool and informal analysis was conducted to validate the system’s robustness. The proposed scheme achieved EHR integrity due to the verification of the communicated HHS and ensuring the integrity of the HHS digital certificate during EHR migration. Ultimately, the result achieved in the proposed work demonstrated the scheme’s high balance between data security and accuracy of communication, where the best result obtained represented 7.7/ ms as computational cost and 1248 /bits as communication cost compared with the relevant approaches.