ABSTRACT
Electronic healthcare (e-health) systems have received renewed interest, particularly in the current COVID-19 pandemic (e.g., lockdowns and changes in hospital policies due to the pandemic). However, ensuring security of both data-at-rest and data-in-transit remains challenging to achieve, particularly since data is collected and sent from less insecure devices (e.g., patients' wearable or home devices). While there have been a number of authentication schemes, such as those based on three-factor authentication, to provide authentication and privacy protection, a number of limitations associated with these schemes remain (e.g., (in)security or computationally expensive). In this study, we present a privacy-preserving three-factor authenticated key agreement scheme that is sufficiently lightweight for resource-constrained e-health systems. The proposed scheme enables both mutual authentication and session key negotiation in addition to privacy protection, with minimal computational cost. The security of the proposed scheme is demonstrated in the Real-or-Random model. Experiments using Raspberry Pi show that the proposed scheme achieves reduced computational cost (of up to 89.9% in comparison to three other related schemes).
ABSTRACT
Contactless authentication is crucial to keep social distance and prevent bacterial infection. However, existing authentication approaches, such as fingerprinting and face recognition, leverage sensors to verify static biometric features. They either increase the probability of indirect infection or inconvenience the users wearing masks. To tackle these problems, we propose a contactless behavioral biometric authentication mechanism that makes use of heterogeneous sensors. We conduct a preliminary study to demonstrate the feasibility of finger snapping as a natural biometric behavior. A prototype-SnapUnlock system was designed and implemented for further real-world evaluation in various environments. SnapUnlock adopts the principle of contrastive-based representation learning to effectively encode the features of heterogeneous readings. With the representations learned, enrolled samples trained with the classifier can achieve superior performances. We extensively evaluate SnapUnlock involving 50 participants in different experimental settings. The results show that SnapUnlock can achieve a 4.2% average false reject rate and 0.73% average false accept rate. Even in a noisy environment, our system performs similar results.
ABSTRACT
Data has been collected and stored for thousands of years. Securing data during the digital age has remained difficult. Research shows that in 2018 there was over 33 zettabytes of data, which is approximately an equivalent to 129 billion 256GB mobile devices of data. Risk management in recent years has made attempts at balancing data security risks with organizational business and budgetary requirements. This research examines high probability data security threats and mitigations. It then reports on the threats in connection with the top United States healthcare data breaches reported during the COVID outbreak to the Health and Human Services (HHS) between June 11, 2020 and June 11, 2021. The data analysis shows that there were nine breaches of over a million affected individuals reported to HHS affecting 15,936,679 individuals in total. Five-million individuals is approximately larger than the populations of Los Angeles, New York, and Chicago combined. We connect the common security risks with the reports of these incidents to gain insights into common network security concerns and inform future network architectures and risk mitigations. © 2021 IEEE.
ABSTRACT
Electronic healthcare (e-health) systems have received renewed interest, particularly in the current COVID-19 pandemic (e.g., lockdowns and changes in hospital policies due to the pandemic). However, ensuring security of both data-at-rest and data-in-transit remains challenging to achieve, particularly since data is collected and sent from less insecure devices (e.g., patients wearable or home devices). While there have been a number of authentication schemes, such as those based on three-factor authentication, to provide authentication and privacy protection, a number of limitations associated with these schemes remain (e.g., (in)security or computationally expensive). In this study, we present a privacy-preserving three-factor authenticated key agreement scheme that is sufficiently lightweight for resource-constrained e-health systems. The proposed scheme enables both mutual authentication and session key negotiation in addition to privacy protection, with minimal computational cost. The security of the proposed scheme is demonstrated in the Real-or-Random model. Experiments using Raspberry Pi show that the proposed scheme achieves reduced computational cost (of up to 89.9\% in comparison to three other related schemes). IEEE
ABSTRACT
In the recent COVID-19 situation, Telecare Medical Information System (TMIS) is attracting attention. TMIS is one of the technologies used in Wireless Body Area Network (WBAN) and can provide patients with a variety of remote healthcare services. In TMIS environments, sensitive data of patients are communicated via an open channel. An adversary may attempt various security attacks including impersonation, replay, and forgery attacks. Therefore, numberous authentication schemes have been suggested to provide secure communication for TMIS. Sahoo et al. proposed a mutual authentication scheme based on biometrics and Elliptic Curve Cryptography (ECC) in 2020. However, we find out that Sahoo et al.’s scheme cannot resist insider and privileged insider attacks and cannot guarantee patient anonymity. In this paper, we propose a secure ECC-based three-factor mutual authentication protocol that guarantees the privacy of patients for TMIS. We conduct informal security analysis to prove that our protocol is secure from various security attacks. In addition, we perform formal security analyses using the Automated Validation of Internet Security Protocols and Applications (AVISPA), Burrows-Abadi-Needham (BAN) logic, and the Real-Or-Random (ROR) model. Furthermore, we assess our protocol’s performance and compare it to other protocols. As a result, our protocol has lower communication costs, and better security features compared to related existing protocols. Therefore, our protocol is more appropriate for TMIS environments than other related protocols. Author
ABSTRACT
The rapid proliferation of embedded devices has led to the growth of the Internet of Things (IoT) with applications in numerous domains such as home automation, healthcare, education and agriculture. However, many of the connected devices particularly in smart homes are the target of attacks that try to exploit security vulnerabilities such as hard-coded passwords and insecure data transfer. Recent studies show that there is a considerable surge in the number of phishing attacks targeting smart homes during the COVID-19 pandemic. Moreover, many of the existing user authentication protocols in the literature incur additional computational overhead and need to be made more resilient to smart home targeted attacks. In this paper, we propose a novel lightweight and privacy-preserving remote user authentication protocol for securing smart home applications. Our approach is based on Photo Response Non-Uniformity (PRNU) to make our protocol resilient to smart home attacks such as smartphone capture attacks and phishing attacks. In addition, the lightweight nature of our solution is suitable for deployment on heterogeneous and resource constrained IoT devices. Besides, we leverage geometric secret sharing for establishing mutual authentication among the participating entities. We validate the security of the proposed protocol using the AVISPA formal verification tool and prototype it on a Raspberry Pi to analyze the power consumption. Finally, a comparison with existing schemes reveals that our scheme incurs a 20% reduction in communication overhead on smart devices. Furthermore, our proposed scheme is usable as it absolves users from memorizing passwords and carrying smart cards. Author
ABSTRACT
In this paper, a new natural human interaction authentication method has been proposed for the Internet of Things (IoT) devices. In this method the user draws doodles on-air for authentication. On-air drawing, refers to virtually drawing free hand-drawn doodles passwords through hand gestures on the air without touching anything which is recommended during COVID-19. This work uses Google Quick Draw doodles dataset for password doodles. The proposed method is based on a usual video camera, two lightweight Convolutional Neural Networks (CNN) and Kalman filter. The first CNN for hand gestures classification to overcome dynamic hand gestures challenges on the air. The second CNN for authentication verification. Kalman filter is used to correct and smooth the drawn line path on the air. To accept the new authentication method, it must achieve two main goals security and usability. The evaluation of the usability was based on ISO 9241-11:2018 standards usability model. The results revealed that the accuracy of the proposed authentication method is 95% and, the efficiency is 94% and user satisfaction is accepted. The evaluation of the security was based on two threats related to IoT devices which are guessing and physical observation. The results showed that the password strength of the proposed authentication method is stronger than the traditional 4-digits PIN password. The proposed authentication method is also resistant to physical observation threats. Author