بررسی طرح‌های احراز هویت در سامانه‌های اطلاعات پزشکی مراقبت از راه دور

نوع مقاله : مقاله مروری

نویسندگان

1 دانشیار، مهندسی برق و کامپیوتر، دانشکده‌ی مهندسی برق و کامپیوتر، دانشگاه صنعتی اصفهان، اصفهان، ایران

2 دانشیار، مهندسی کامپیوتر، دانشکده‌ی مهندسی کامپیوتر، دانشگاه تربیت دبیر شهید رجائی تهران، تهران، ایران

3 دکترا، مهندسی برق و کامپیوتر، دانشکده‌ی مهندسی برق و کامپیوتر، دانشگاه صنعتی اصفهان، اصفهان، ایران

4 استادیار، مهندسی برق و کامپیوتر، دانشکده‌ی مهندسی برق و کامپیوتر، دانشگاه صنعتی اصفهان، اصفهان، ایران

چکیده

مقاله مروری




مقدمه: پیشرفت‌های فناوری مبتنی بر اینترنت اشیاء، زندگی انسان‌ها را متحول کرده است و نظارت از راه دور بر سلامت بیماران نیز از این امر مستثنی نیست. توسعه‌ی شبکه‌ی بی‌سیم بدن، نقش کلیدی در پایش سلامت ایفا ‌‌می‌کنند. شبکه‌ی بی‌سیم بدن شامل حسگرهای پزشکی است که قابلیت تعبیه بر روی بدن بیمار را دارند و علائم حیاتی بیماران را اندازه‌گیری نموده و آن‌ها را از طریق کانال بی‌سیم به سرورهای پزشکی ارسال می‌کنند. بنابراین، اطلاعات حساس ارسالی بیماران که بر روی کانال ارسال شده ‌است، می‌تواند در برابر حملات مختلف آسیب‌پذیر باشد. بنابراین امنیت در پزشکی از راه دور همواره یک چالش بوده است. از این‌رو، طراحی پروتکل‌های امنیتی احراز هویت سبک‌وزن با کمترین هزینه‌ به یک چالش تبدیل شده است.
نتیجه‌گیری: در این مقاله، به معرفی سامانه‌های اطلاعات پزشکی مراقبت از راه دور، شبکه‌ی بی‌سیم بدن، پروتکل‌های احراز هویت، معیارهای عملکرد و خصوصیات امنیتی این طرح‌ها پرداخته شده‌است. همچنین، طرح‌های احراز هویتی که اخیراً ارائه ‌شده، معرفی‌ گردیده است.
مشاهده ‌شده است که میزان عملکرد هر یک از طرح‌های احراز هویت وابسته به مقاومت هر طرح در برابر حملات موجود، ویژگی‌های امنیتی، هزینه‌های محاسباتی و غیره است. در این مقاله به معرفی حملات مطرح در سامانه‌های اطلاعات پزشکی مراقبت از راه دور و خصوصیات امنیتی طرح‌های احراز هویت پرداخته ‌شده است. یکی از موضوعات مهم دیگر که مورد مطالعه و تمرکز پژوهشگران در حوزه امنیت بوده است، کاهش سربار محاسباتی با استفاده از سامانه‌های رمزنگاری سبک‌وزن است که این کاهش سربار محاسباتی منجر به کاهش امنیت در پروتکل‌های حاضر نشود.

تازه های تحقیق

سید محمد دخیل علیان: Google Scholar

معصومه صفخانی: Google Scholar

بهزاد نظری: Google Scholar

کلیدواژه‌ها

موضوعات


عنوان مقاله [English]

Investigation of Authentication Schemes in Telecare Medicine Information Systems

نویسندگان [English]

  • Seyed Mohammad Dakhilalian 1
  • Masoumeh Safkhani 2
  • Fatemeh Pirmoradian 3
  • Behzad Nazari 4
1 Associate Professor, Department of Electrical and Computer Engineering, Isfahan University of Technology, Isfahan, Iran
2 Associate professor, Department of Computer Engineering, Shahid Rajaee Teacher Training University Tehran, Iran
3 PhD, Department of Electrical and Computer Engineering, Isfahan University of Technology, Isfahan, Iran
4 Assistant Professor, Department of Electrical and Computer Engineering, Isfahan University of Technology, Isfahan. Iran
چکیده [English]

Background: Technological advancements based on the Internet of Things have revolutionized human life, and remote monitoring of patient health is no exception. Telecare medicine information systems are systems between home healthcare organizations and patients at home that allow doctors and patients to view medical data electronically. The development of a wireless body network plays a key role in health monitoring. The body's wireless network includes medical sensors that can be embedded in the patient's body, measure the patient vital signs, and send them to medical servers through a wireless channel. Therefore, security in telemedicine has always been a challenge. As cyber-attacks proliferate, we should expect users to take strict measures to protect their information. Thus, the design of lightweight authentication security protocols with the lowest cost has become a major challenge. In this article, we have limited our focus to reviewing the types of authentication protocols presented recently.
Conclusion: In this article, the concepts of TMIS were first examined, and the necessity of creating these systems is introduced. Also, the recently presented authentication schemes were introduced. It was observed that the performance of each authentication scheme depends on the resistance against existing attacks, security features, computing costs, etc. Today, we see the presentation of many protocols in the field of TMIS. However, in addition to the rapid development and progress of these protocols, it should be taken into account that security threats and new attacks are not separated from this speed of technology. As a result, researchers in network security should investigate security protocols to ensure that there is no security threat to them in the worst case.

کلیدواژه‌ها [English]

  • Internet of Things
  • System
  • Privacy
  1. Safkhan, M, Camara C, Peris-Lopez P. Bagheri N. RSEAP2: An enhanced version of RSEAP, an RFID based authentication protocol for vehicular cloud computing. Vehicular Communications 2021; 28: 100311.
  2. Safkhani M, Bagheri M. Passive secret disclosure attack on an ultralightweight authentication protocol for internet of things. Journal of Supercomputing 2017; 73: 3579-85.
  3. Amintoosi H, Nikooghadam M, Shojafar M, Kumari S, Alazab M. Slight: A lighweight authentication scheme for smart healthcare services. Computers and Electrical Engineering 2022; 99: 107803.
  4. Dadkhah P, Dakhilalian M, Rastegari P. Security analysis and improvement of an access control scheme for wireless body area networks. ISeCure 2023; 15(3): 35-42.
  5. Safkhani M, Servati MR. ECCbAS: An ECC based authentication scheme for healthcare IoT systems. Pervasive and Mobile Computing 2023; 90: 101753.
  6. Meshram Ch, Obaidat MS, Ibrahim RW, Meshram SG, Raikwar AV. An efficient privacy-preserved authentication technique based on conformable fractional chaotic map for TMIS under smart homes environments. J Supercomput 2024; 80: 2514–37.
  7. Nikkhah F. Improving the privacy security of telecare medical information systems [in Persian]. [MSc Thesis]. Tehran, Iran: Shahid Rajaee University; 2020.
  8. Pirmoradian F. Design and security analysis of authentication protocols used in Telecare Medicine Information Systems (TMIS) [in Persian]. [Thesis]. Isfahan, Iran: University of Technology; 2023.
  9. Sowjanya K, Dasgupta M, Ray S. An elliptic curve cryptography based enhanced anonymous authentication protocol for wearable health monitoring systems. Int J Inf Secur 2020; 19: 129-46.
  10. Xiong H, Tao J, Yuan C. Enabling telecare medical information systems with strong authentication and anonymity. IEEE Access 2017; 5: 5648-61.
  11. Mehmood Z, Ghani A, Chen G, Alghamdi AS. Authentication and secure key management in e-health services: a robust and efficient protocol using biometrics. IEEE Access 2019; 7: 113385-97.
  12. Liu J, Zhang L, Sun R. 1- RAAP: an efficient 1-round anonymous authentication protocol for wireless body area networks. Sensors 2016; 16(5): 728.
  13. Li X, Peng J, Kumari S, Wu F, Karuppiah M, Raymond Choo KK. An enhanced 1-round authentication protocol for wireless body area networks with user anonymity Computers and Electrical Engineering 2017; 61: 238–49.
  14. Chiou SY, Chang SY. An enhanced authentication scheme in mobile RFID system. Ad Hoc Networks 2018; 71: 1-13.
  15. Deebak BD, Al-Turjman F. Smart mutual authentication protocol for cloud based medical healthcare systems using internet of medical thing. IEEE Journal on Selected Areas in Communications 2020; 39(2): 346-60.
  16. Chandrakar P, Om H. Cryptanalysis and improvement of a biometric-based remote user authentication protocol usable in a multiserver environment. Transactions on Emerging Telecommunication Technologies 2017; 28(12): e3200.
  17. Yessad N, Bouchelaghem S, Ouada FS, Omar M. Secure and reliable patient body motion based authentication approach for medical body area networks. Passive and Mobile Computing 2017; 42: 351-70.
  18. Wu F, Li X, Kumari S, Karuppiah M, Shen J. A lightweight and privacy-preserving mutual authentication scheme for wearable devices assisted by cloud server. Computer and Electrical Engineering 2017; 63: 168–81.
  19. Pirmoradian F, Dakhilalian SM, Safkhani M. ECKCI: An ECC-based Authenticated Key Agreement (AKA) scheme resistant to Key Compromise Impersonation Attack for TMIS. The ISC International Journal of Information Security 2024; 16(2): 115-36.
  20. Li C, Shih DH, Wang CC. Cloud-assisted mutual authentication and privacy preservation protocol for telecare medical information systems. Comput Methods Programs Biomed 2018; 157: 191-203.
  21. Mohit P, Amin R, Karati A, Biswas GP. A standard mutual authentication protocol for cloud computing based health care systems. J Med Syst 2017; 1(4): 50.
  22. Qi M, Chen J, Chen Y. A secure biometrics-based authentication key exchange protocol for multi-server TMIS using ECC. Comput Methods Programs Biomed 2018; 164: 101-9.
  23. Amin R, Hafizul Islam SK, Biswas GP, Khurram Khan M, Kumar N. A robust and anonymous patient monitoring systme using wireless medical sensor networks. Future Generation Computer Systems 2018; 80: 483-95.
  24. Ravanbakhsh N, Nazari N. An efficient improvement remote user mutual authentication and session key agreement scheme for e-healthcare systems. Multimed Tools Appl 2019; 77: 55-88.
  25. Ostad-Sharif A, Abbasinezhad-Mood D, Nikooghadam M. An enhanced anonymous and unlinkable user authentication and key agreement proocol for TMIS by utilization of ECC. International Journal of Communication Systems 2019; 32(5): e3913.
  26. Nikooghadam M, Amintoosi H. An improved secure authentication and key agreement scheme for healthcare applications. Proceedings of the 25th International Computer Conference, Computer Society of Iran (CSISS), Tehran, Iran: IEEE; 2020.
  27. Karthigaiveni M, Indrani B. An efficient two-factor authentication scheme with key agreement for IoT based E-health care application using smart card. J Ambient Intell Human Comput 2019.
  28. Alzahrani BA. Secure and efficient cloud-based iot authenticated key agreement scheme for e-health wireless sensor network. Arabian Journal for Science and Engineering 2020; 46: 3017-32.
  29. Jia X, He D, Kumar N, Choo KKR. Authenticated key agreement scheme for fog-driven IoT healthcare system. Wireless Networks 2019; 25: 4737-50.
  30. Li X, Chen T, Cheng Q, Ma J. An efficient and authenticated key establishment scheme based on fog computing for healthcare system. Front Comput Sci 2012; 16: 164815.
  31. Pirmoradian F, Safkhani M, Dakhilalian SM. ECCPWS:An ECC-based protocol for WBAN systems. Computer Networks 2023; 224: 109598.
  32. Mehmood Z, Ghani A, Chen G, Alghamdi AS. Authentication and secure key management in e-health services: a robust and efficient protocol using biometrics. IEEE Access 2019; 7: 113385-97.
  33. Alzahrani BA, Chaudhry SA, Barnawi A, Al-Barakati A, Shon M. An anonymous device to device authentication protocol using ecc and self certified public keys usable in internet of thingd based autonomous devices. Electronics 2020; 9(3): 520.
  34. Hajian R, Haghighat A, Erfani SH. A secure anonymous D2D mutual authentication and key agreement protocol for IoT. Internet of Things 2022; 18: 100493.
  35. Son S, Park Y, Park Y. A secure, lightweight, and anonymous user authentication protocol for IoT environments. Sustainability 2021; 13(16): 9241.
  36. Hosseinzadeh M, Hussain M, Safkhani M, Bagheri N, Hoang Le Q, Taghtiz L, Mosavi AH. Toward designing a secure authentication protocol for IoT environments. Sustainability 2023; 15(7): 5934.
  37. Guo Y, Guo Y. CS-LAKA: A lightweight authenticated key agreement protocol with critical security properties for iot environments. IEEE Transactions on Services Computing 2019; 16(6): 4102-14.