Please use this identifier to cite or link to this item:
Security Mechanisms for Network Communications in Medical Mobile Computing Environment
|引用:||Ateniese, G., Cutmola, R., Meideiros, B. de, and Davis, D., “Medical Information Privacy Assurance: Cryptographic and System Aspects,” Third Conference on Security in Communication Networks, Amalfi, Italy, pp. 199-218, 2002. Ball, E., Chadwick, D.W., and Mundy, D., “Patient Privacy in Electronic Prescription Transfer,” IEEE Security & Privacy Magazine, Vol. 1, No. 2, pp. 77-80, 2003. Chaum, D., and Heyst, E. van, “Group signatures,” In proceedings of Advances in Cryptology - Eurocrypt 1991, Vol. 547 of LNCS, pp. 257-265, Springer-Verlag, 1991. Chan, A. T.S., Cao, J., Chan, H., and Young, G., “A Web-Enabled Framework for Smart Card Application in Health Services,” Communications of the ACM, Vol. 44, No. 9, pp. 77-82, 2001. Chen, C.-L., Chen, Y.-Y., and Chen, Y.-H., “Group-based Authentication to Protect Digital Content for Business Applications,” International Journal of Innovative Computing, Information and Control, Vol. 5, No. 5, pp. 1243-1251, 2009. Cao, F., and Cao, Z., “A secure identity-based proxy multi-signature scheme,” Information Sciences, Vol. 179, No. 3, pp. 292-302, 2009. Diffie, W., and Hellman, M., “New directions in cryptology,” IEEE Transaction on Information Theory, Vol. 22, No. 6, pp. 644-654, 1976. Dolin, R. H., Rishel, W., Biron, P. V., Spinosa, J., and Mattison, J. E., “SGML and XML as Interchange Formats for HL7 Messages,” Journal of the American Medical Informatics Association, pp. 720-724, 1998. Dolin, R. H., Alschuler, L., Beebe, C., Biron, P. V., Boyer, S. L., Essin, D., Kimber, E., Lincoln, T., and Mattison, J. E., “The HL7 Clinical Document Architecture,” Journal of the American Medical Informatics Association, Vol. 8, No. 6, 2001. ElGamal, T., “A Public Key Cryptosystem and Signature Scheme based on Discrete Logarithms,” IEEE Transactions on Information, Vol. 31, No. 4, pp. 469-472, 1985. Guthery, S. B., and Jurgensen, T. M., “SmartCard Developer''s Kit, Macmillan Technical Publishing,” ISBN 1-57870-027-2, available at http://www.scdk.com, 1998. Gritzalis, S., Lambrinoudakis, C., Lekkas, D., and Deftereos, S., “Technicl Guidelines for Enhancing Privacy and Data Protection in Modern Electronic Medical Environments,” IEEE Transactions on Information Technology in Biomedicine, Vol. 9, No. 3, pp. 413-423, 2005. Huston, T., “Security Issues for Implementation of E-Medical Records,” Communications of the ACM, Vol. 44, No. 9, 2001. Hsu, C.-C., and Ho, C.-S., “A new hybrid case-based architecture for medical diagnosis,” Information Sciences, Vol. 166, No. 1-4, pp. 231-247, 2004. Hong, X., “Efficient threshold proxy signature protocol for mobile agents,” Information Sciences, Vol. 179, No. 24, pp. 4243-4248, 2009. Huang, K.-H., Hsieh, S.-H., Chang, Y.-J., Lai, F., Hsieh, S.-L., and Lee, H.-H., “Application of portable CDA for secure clinical-document exchange,” Journal of Medical Systems, Vol. 34, No. 4, pp. 531-539, 2010. Jones, D., “Smart cards for the people,” Card Technology Today, Vol. 15, No. 3, pp. 16-16(1), 2003. Le, X. H., Lee, S., Lee, Y.-K., Lee, H., Khalid, M., and Sankar, R., “Activity-oriented access control to ubiquitous hospital information and services,” Information Sciences, Vol. 180, No. 16, pp. 2979-2990, 2010. Mambo, M., Usnda, K., and Okamoto, E., “Proxy signatures: Delegation of the power to sign message,” IEICE transactions on fundamentals of electronics, communications and computer sciences, E79-A, Vol. 9, pp. 1338-1354, 1996. National Institute of Standards and Technology, “Digital signature standard,” Technical report, 1994. Rivest, R. L., Shamir, A., and Adleman, L., “A method for obtaining digital signatures and public-key cryptosystems,” Communications of the ACM, Vol. 21, No. 2, pp. 120-126, 1978. Rankl, W., and Effing, W., “Smart Card Handbook,” John Wiley & Sons, ISBN 0-471-96720-3, 1997. Rash, M.C., “Privacy Concerns Hinder Electronic Medical Records,” The Business Journal of the Greater Triad Area, 2005. Stallings, W., “Cryptography and network security: principal and practices,” Prentice Hall, 4th Edition, 2005. Takeda, H., Matsumura, Y., and Kuwata, S., “Architecture for networked electronic patient record systems,” International Journal of Medical Informatics, Vol. 60, No. 2, pp. 161-167, 2000. Tsumoto, S., “Mining diagnostic rules from clinical databases using routh sets and medical diagnostic model,” Information Sciences, Vol. 162, No. 2, pp. 65-80, 2004. Um, K. S., Kwak, Y. S., Cho, H., and Kim, I. K., “Development of an HL7 interface engine, based on tree structure and streaming algorithm, for large-size messages which include image data,” Computer Methods and Programs in Biomedicine, Vol. 80, pp. 126-140, 2005. Ulieru, M., Hadzic, M., and Chang, E., “Soft computing agents for e-Health in application to the research and control of unknown diseases,” Information Sciences, Vol. 176, No. 9, pp. 1190-1214, 2006. Wang, D.W., Liu, D.R., and Chen, Y.C., “A Mechanism to Verify the Integrity of Computer-Based Patient Records,” The Journal of China Association for Medical Informatics, No. 10, pp. 71-84, 1999. Yang, Y., Han, X., Bao, F., and Deng, R. H., “A Smart-Card-Enabled Privacy Preserving E-Prescription System,” IEEE Transactions on Information Technology in Biomedicine, Vol. 8, No. 1, pp. 47-58, 2004. Yee, G., Korba, L., and Song, R., “Ensuring Privacy for E-Health Services,” In Proceedings of the First International Conference on Availability, Reliability and Security, pp.20-22 Apr. 2006, Vienna University of Technology, Austria, 2006. Partnership for Solutions, Chronic Conditions: Making the Case for Ongoing Care, Johns Hopkins University, 2004. Akyildiz, I.F., Su, W., Sankarasubramaniam, Y., and Cyirci, E., “A Survey on Sensor Networks,” IEEE Communications Magazine, Vol. 40, No. 8, pp. 102 -114, 2002. Jansen, M. B. and Eradus, W., “Future Developments on Devices for Animal Radio Frequency Identification,” Computer and Electronics in Agriculture, Vol. 24, No. 1-2, pp. 109-117, 1999. Simmons, G. J., “Contemporary Cryptology: The Science of Information Integrity,”IEEE, 1992. Chang, C. C. and Wu, T. C., “Remote Password Authentication with Smart Cards,” IEEE Computers and Digital Techniques, Vol. 138, No. 3, pp. 165-168, 1991. Falas, T. and Kashani, H., “Two-Dimensional Bar-Code Decoding with Camera-Equipped Mobile Phones,” Proceedings of the Fifth Annual IEEE International Conference on Pervasive Computing and Communications Workshops, pp. 597-600, 2007. Hwang, M. S., “A Remote Login Authentication Scheme Based on the Digital Signature Method,” International Journal of Computer Mathematics, Vol. 70, No. 4, pp. 657-666, 1999. Hwang, M. S., “Cryptanalysis of a Remote Login Authentication Scheme,” Computer Communications, Vol. 22, No. 8, pp. 742-744, 1999. Hwang, T. L., Chen, Y. W., and Laih, C. S., “Non-interactive Password Authentications without Password Tables,” IEEE Region 10 Conference on Computer and Communication System, pp. 429-431, 1990. Hwang, M. S. and Li, L. H., “A New Remote User Authentication Scheme Using Smart Cards,” IEEE Transactions on Consumer Electronics, Vol. 46, No. 1, pp. 28-30, 2000. Wong, K. H. M., Zheng, Y., Cao, J., and Wang, S., “A Dynamic User Authentication Scheme for Wireless Sensor Networks,” IEEE International Conference on Sensor Network Ubiquitous, and Trustworthy Computing, Vol. 1, pp. 318-327, 2006. Tseng, H. R., Jan, R. H., and Yang, W., “An Improved Dynamic User Authentication Scheme for Wireless Sensor Networks,” IEEE on Global Telecommunications Conference, pp. 986-990, 2007. Das, M. L., “Two-Factor User Authentication in Wireless Sensor Networks,” IEEE Transactions on Wireless Communications, Vol. 8, No. 3, pp. 1086-1090, 2009. Khan, M. K., and Alghathbar, K., “Cryptanalysis and Security Improvements of ‘Two-Factor User Authentication in Wireless Sensor Networks',” Sensors, Vol. 10, No. 3, pp. 2450-2459, 2010. Vaidya, B., Makrakis, D., and Mouftah, H. T., “Improved Two-Factor User Authentication in Wireless Sensor Networks,” IEEE 6th International Conference on Wireless and Mobile Computing, Networking and Communications, pp. 600-606, 2010. Watro, R., Kong, D., Cuti, S., Gardiner, C., Lynn, C., and Kruus, P., “TinyPK: Securing Sensor Networks with Public Key Technology,” Proceding of the 2nd ACM Workshop Security of Ad Hoc Sensor Networks, pp. 59-64, 2004 Wu, F. N., Li, I. H., and Liao, I. E., “A Traffic Load-Aware Energy Efficient Protocol for Wireless Sensor Networks,” Proceeding of the International Conference on Mobile Technology, Applications, and System, 2008. Chang, C. C., Hwang, R. J., and Wu, T. C., “Cryptographic Key Assignment Scheme for Access Control in a Hierarchy,” Information Systems, 17(3), pp. 243-247, 1992. Lin, Chu-Hsing, Lee,Wei, and Ho, Yi-Kang, “An Efficient Hierarchical Key Management Scheme Using Symmetric Encryptions,” 19th International Conference on Advanced Information Networking and Applications, 2(28-30), pp. 399-402, 2005. Yang, Cungang, Li, C., and Cheung, R., “Cryptographic Key Management Solution in a Role Hierarchy,” Canadian Conference on Electrical and Computer Engineering, 1(2-5), pp. 575-578, 2004. Knuth, D. E., The Art of Computer Programming, Vol. 2: Seminumerical Algorithms (3rd ed.). Massachusetts: Addison-Wesley, 1997. Wen, J. H., Sheu, J. S., and Chen, T. S., “Cryptographic Key Assignment Scheme for Overcoming the Incorrectness of the CHW Scheme,” IEE Proceedings—Communications, 148(4), pp. 260-264, 2001. Jan, J. K. and Tseng, Y. M., “Two Integrated Schemes of User Authentication and Access Control in a Distributed Computer Network,” IEE Proceedings—Computers and Digital Techniques, 145(6), pp. 419-424, 1998.  Tan, K., Gu, S., and Zhu, H., “Correctness of CHW Cryptographic Key Assignment Scheme in a Hierarchy,” IEE Proceedings—Computers and Digital Techniques, 146(4), pp. 217-218, 1999. Hwang, M. S., Chang, C. C., and Yang, W. P., “Modified Chang-Hwang-Wu Access Control Scheme,” IEE Electronics Letters, Vol. 29, pp. 2095-2096, 1993. Selim, G. Akl and Peter, D. Taylor, “Cryptographic Solution to a Problem of Access Control in a Hierarchy,” ACM Transactions on Computer Systems, 1(3), pp. 239-248, 1983. Stephen, J. MacKinnon, Peter, D. Taylor, Henk, Meijer, and Selim, G. Akl, “An Optimal Algorithm for Assigning Cryptographic Keys to Control Access in a Hierarchy,” IEEE Transactions on Computers, 34(9), pp. 797-802, 1985. Wang, Shyh-Yih and Laih, Chi-Sung, “Merging: An Efficient Solution for a Time-Bound Hierarchical Key Assignment Scheme,” IEEE Transactions on Dependable and Secure Computing, 3(1), pp. 91-100, 2006. Chen, T. S., Huang, K. S., and Chung, Y. F., “Modified Cryptographic Key Assignment Scheme for Overcoming the Incorrectness of the CHW Scheme,” Applied Mathematics and Computation, 159(1), pp. 147-155, 2004. Lu, W. P. and Sundareshan, M. K., “A model for Multilevel Security in Computer Networks,” IEEE Transactions on Software Engineering, 16(6), pp. 647-659, 1990. Atallah, M. J., Blanton, M., Fazio, N. and Frikken, K. B., “Dynamic and Efficient Key Management for Access Hierarchies,” ACM Transactions on Information and System Security, 12(3), pp. 18:1-18:43, 2009. Chung, Y. F., Lee, H. H., Lai, F. and Chen, T. S., “Access Control in User Hierarchy based on Elliptic Curve Cryptosystem,” Information Sciences, 178(1), pp. 230-243, 2008. Giri, D. and Srivastava, P. D., “A Cryptographic Key Assignment Scheme for Access Control in Poset Ordered Hierarchies with Enhanced Security,” International Journal of Network Security, 7(2), pp. 223-234, 2008.|
Due to modern medical advances and patient''s consciousness promotion, urban and countryside compete for the medical resources distribution that could cause the situation of medical material disequilibrium. With different situations and regions that could derive from the dissimilar medical environment and resource allocation problems, those issues caused some areas lack of medical materials. Besides, that also results in patient's treatment, such as medical treatment delays and resources distribution wastes. At present, except for hospitals and other dispensaries, people need not only to solve part of area's medical insufficient problems, but to maintain considerably medical standards and demands. For example, while patients are in dangerous conditions which need medical handling and remote districts, resources distribution issue and facilities establishment faultiness could cause patients' life-long injure and death. If people is given some medical recommendations or information in that moment, that could avoid unnecessary damages and death. A modern hospital owns the center of integrity medical record management. All of these medical records provided with law protection and patient privacy security. Therefore, for ensuring the relevance medical data could transmit safety on the Internet and guaranteeing those information's privacy and integrity. It requires authentication to ensure these privacy information not to be obtained by illegal person. The information should be protected includes the patient's treatment records and clinical diagnosis research, which related to patient's privacy. Therefore, this paper is divided into three aspects to integrate medical operational environments, the application of wireless sensor network technology and security authentication, which combined with access control to integrate the whole medical environment. First, using authentication to not only integrate medical environment, but to resist different kinds of malicious attacks, such as Password-guessing attack, Replay attack, Stolen-verifier attack or Impersonation attack. Second, the scheme, which includes a time-bounded characteristic that allows the verified staff to access data without the needs to re-authenticate and re-login into the system within a set period of time. Consequently, the time-bounded property also increases the work efficiency of the system administrators and users. Finally, using hierarchical key management to solve the problems of key production in the organization and the issues of access control; simultaneously, it controlled resources and confidential files to proceed the effectively access control to avoid personal information accessing without unauthorized. Therefore, it provides good medical service quality and takes care of patient's obligation to ensure the patient's family and patient's right. It will be worthy of topic for discussion to confer presently.
|Appears in Collections:||資訊科學與工程學系所|
Show full item record
TAIR Related Article
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.