Lightweight Authentication Mechanism for Industrial IoT Environment Combining Elliptic Curve Cryptography and Trusted Token.

With the promotion of Industry 4.0, which emphasizes interconnected and intelligent devices, several factories have introduced numerous terminal Internet of Things (IoT) devices to collect relevant data or monitor the health status of equipment. The collected data are transmitted back to the backend server through network transmission by the terminal IoT devices. However, as devices communicate with each other over a network, the entire transmission environment faces significant security issues. When an attacker connects to a factory network, they can easily steal the transmitted data and tamper with them or send false data to the backend server, causing abnormal data in the entire environment. This study focuses on investigating how to ensure that data transmission in a factory environment originates from legitimate devices and that related confidential data are encrypted and packaged. This paper proposes an authentication mechanism between terminal IoT devices and backend servers based on elliptic curve cryptography and trusted tokens with packet encryption using the TLS protocol. Before communication between terminal IoT devices and backend servers can occur, the authentication mechanism proposed in this paper must first be implemented to confirm the identity of the devices and, thus, the problem of attackers imitating terminal IoT devices transmitting false data is resolved. The packets communicated between devices are also encrypted, preventing attackers from knowing their content even if they steal the packets. The authentication mechanism proposed in this paper ensures the source and correctness of the data. In terms of security analysis, the proposed mechanism in this paper effectively withstands replay attacks, eavesdropping attacks, man-in-the-middle attacks, and simulated attacks. Additionally, the mechanism supports mutual authentication and forward secrecy. In the experimental results, the proposed mechanism demonstrates approximately 73% improvement in efficiency through the lightweight characteristics of elliptic curve cryptography. Moreover, in the analysis of time complexity, the proposed mechanism exhibits significant effectiveness.

Self-management system for postpartum women with hypertension disorders: an eHealth application intervention study.

BACKGROUND: Hypertension disorders are relatively common in pregnant women and often persist in the postpartum period. Few studies are available regarding the self-management of postpartum hypertension via the eHealth system. This study aimed to develop a self-management eHealth system for women with postpartum hypertension during the postpartum period. METHODS: We adopted a multi-platform system for this research, not only for use on the web interface but also on smartphones. The proposed system possessed three features: (1) the population was limited to postnatal women with hypertension; (2) a self-care record, which allowed postnatal women to keep track of their blood pressure, pulse, weight, medication record, exercise record, and risk factor assessment; and (3) through this system, nurse-midwives could keep track of postnatal women's health status maintaining the complete record and could communicate directly with the users if their health monitor values reach beyond normal range. RESULTS: Thirty-nine postnatal women with postpartum hypertension were recruited to the study. A survey to evaluate the usability and satisfaction of the proposed e-health application system was completed by these women. The usability rate of the system reached 92.4% (46.2% satisfied and 46.2% strongly satisfied), which suggested that the system was helpful to the users. The satisfaction rate of the system reached 94.9% (43.6% satisfied and 51.3% strongly satisfied), which suggested that the system was acceptable to the users. CONCLUSION: This proposed system has been developed completely with user experience and professional advice from experts. Postnatal women could gain important postpartum-related knowledge and access their related health records and other information easily via their smartphones or computers. During the postpartum period, an eHealth application system can effectively assist women with hypertension to manage their blood pressure and related postnatal healthcare issues.

TTAS: Trusted Token Authentication Service of Securing SCADA Network in Energy Management System for Industrial Internet of Things.

The vigorous development of the Industrial Internet of Things brings the advanced connection function of the new generation of industrial automation and control systems. The Supervisory Control and Data Acquisition (SCADA) network is converted into an open and highly interconnected network, where the equipment connections between industrial electronic devices are integrated with a SCADA system through a Modbus protocol. As SCADA and Modbus are easily used for control and monitoring, the interconnection and operational efficiency between systems are highly improved; however, such connectivity inevitably exposes the system to the open network environment. There are many network security threats and vulnerabilities in a SCADA network system. Especially in the era of the Industrial Internet of Things, any security vulnerability of an industrial system may cause serious property losses. Therefore, this paper proposes an encryption and verification mechanism based on the trusted token authentication service and Transport Layer Security (TLS) protocol to prevent attackers from physical attacks. Experimentally, this paper deployed and verified the system in an actual field of energy management system. According to the experimental results, the security defense architecture proposed in this paper can effectively improve security and is compatible with the actual field system.

Design and evaluation of the bed-cleaning mobile application.

AIM: To develop a mobile application (App) that enhances bed-cleaning management. BACKGROUND: Bed cleaning affects clinical work in hospitals. The nursing department needed an App to enhance bed-cleaning management, especially one on the status of all beds to be cleaned. METHODS: Bed-Cleaning App (BedCApp) was developed. Then, a survey was administered to 50 BedCApp users. RESULTS: BedCApp helped the administrative staff and nurse managers in adjusting their workload effectively. A complete presentation of beds to be cleaned and reminders were found to be the most satisfactory features. The average time from receiving the notice to completing bed cleaning was shortened by 25.5 min. The user satisfaction survey comprised 50 valid questionnaires, with a satisfaction rate of 3.6/5. CONCLUSION: BedCApp provides the actual workload status; therefore, the administrative staff and nurse managers can optimize the workload during rush hours. The software is user-oriented, with good user acceptance. IMPLICATIONS FOR NURSING MANAGEMENT: Proactive workload management would improve outcomes during rush hours and avoid interference in clinical care. The user interfaces for the elderly staff has special design-simple to use, larger font size than that in the interface for non-elderly staff and workflow reminders.

Maternal body weight and diet management system.

BACKGROUND: Body weight control is a significant issue to pregnant women. Overweight or underweight not only affects the normal growth of the fetus but also results in health impacts for pregnant women. Currently, some mobile applications which have released to stress how to achieve the purpose of weight control are not suitable for pregnant women. To design an appropriate mobile application of body weight control for pregnant women, a multidiscipline team collaborated. OBJECTIVE: This study proposed a mobile application approach to assist women to maintain an ideal weight control during their pregnancy. In addition, the usefulness of the application was evaluated among pregnancy women. METHODS: Firstly, the guidance of weight and diet management for pregnant women were obtained from textbooks and professional healthcare providers including nurses and nutritionists. Secondly, the researcher considered aspects of Human-Computer Interaction and theories of information technology behavior to design the mobile application. Finally, 52 pregnant women were recruited to test the prototype, which is a mobile application available on different devices with browsers. CONCLUSIONS: Compared with other similar types of body weight and diet management mobile applications, the proposed application offers several characteristics to increase pregnant women's willingness to use it.

Effects of a Web-Based Antenatal Care System on Maternal Stress and Self-Efficacy During Pregnancy: A Study in Taiwan.

INTRODUCTION: Women may experience significant stress during pregnancy, and antenatal care and education provide a means to address this. E-health, the use of computer and information technology for health care, has been incorporated into antenatal care and education, but e-health has not been evaluated for its usefulness in addressing stress. The objective of this study was to investigate the effectiveness of a web-based antenatal care and education system on pregnancy-related stress, general self-efficacy, and satisfaction with antenatal care. METHODS: A quasi-experimental design enrolled pregnant women at 16 to 24 weeks' gestation with a low-risk pregnancy. Women in the control group (n = 67) received routine antenatal care; women in the experimental group (n = 68) also received a web-based antenatal care and education program in the second trimester. Pregnancy stress and general self-efficacy were assessed at study entry and again at 36 to 38 weeks' gestation; satisfaction with care was assessed at the study endpoint. RESULTS: When the pretest scores were controlled, the women in the experimental group reported significantly lower pregnancy-related stress (F = 12.9, P < .001) and significantly higher self-efficacy (F = 17.61, P < .001) than did the women in the control group. Women in the experimental group reported lower pregnancy-related stress (t = 5.09, P < .001) and a higher general self-efficacy (t = -3.17, P = .001) at posttest compared to pretest. However, the women in the control group reported a lower general self-efficacy at posttest compared to pretest (t = 2.86, P = .006). Women in the experimental group reported significantly higher satisfaction levels with antenatal care than those in the control group. DISCUSSION: A web-based antenatal care and education system can improve pregnancy-related stress and general self-efficacy among pregnant women. Integrating health care with web-based or internet-based interventions may improve the quality of antenatal care.

A clinical nutritional information system with personalized nutrition assessment.

BACKGROUND AND OBJECTIVE: Traditional nutrition evaluations not only require the use of numerous tables and lists to provide sufficient recommendations for patients' diets but are also very time-consuming due to cross-referencing and calculations. METHODS: To personalize patient assessments, this study implemented a Clinical Nutritional Information System (CNIS) to help hospital dietitians perform their daily work more effectively in terms of time management and paper work. The CNIS mainly targets in-patients who require cancer-nutrition counselling. The development of the CNIS occurred in three phases. Phase 1 included system design and implementation based on the Nutrition Care Process and Model (NCPM) and the Patient Nutrition Care Process. Phase 2 involved a survey to characterize the efficiency, quality and accuracy of the CNIS. In Phase 3, a second survey was conducted to determine how well dietitians had adapted to the system and the extent of improvement in efficiency after the CNIS had been available online for three years. RESULTS: The work time requirements decreased by approximately 58% with the assistance of the CNIS. Of the dietitians who used the CNIS, 95% reported satisfaction, with 91.66% indicating that the CNIS was really helpful in their work. However, some shortcomings were also evident according to the results. CONCLUSIONS: Dietitians favoured the standardization of nutritional intervention and monitoring. The CNIS meets the needs of dietitians by increasing the quality of nutritional interventions by providing accurate calculations and cross-referencing for information regarding patients' conditions, with the benefit of decreasing the processing time, such as handwritten documentation. In addition, the CNIS also helps dietitians statistically analyse each patient's personal nutritional needs to achieve nutritional improvement.

A Multi-Constraint Scheme with Authorized Mechanism for the Patient Safety.

Many research works have attempted to introduce passive RFID technology into medical systems to reduce medical errors. However, most of these proposed works focused on identifying patients and objects. If an RFID based medical system is only good for identifying patients and medical objects but not capable of halting any medical process immediately, then it is not possible to prevent medical errors from happening. Our research focuses on a mechanism to detect and to avoid medical harm before it occurs to patients. In this paper, we propose to incorporate multiple-constraints into the authorization scheme and used this scheme as a basis for implementing a medical management system avoiding medical errors to assist medical staff. Specifically, our scheme ensures that a medical operation is if and only if enabled when the constraints are being satisfied that an "identified patient" is being treated by a "certified medical staff member" within an "authorized area". In practical environments, our authorization scheme can be applied to various healthcare applications, and we develop a prototype system and test it in three applications: X-ray control, specimen collection, and blood transfusion management. The experimental results show that the system can be used to enable X-ray when the X-ray is in authorized location and operated by authorized operator. For the specimen collection and blood transfusion, the logs showing which medical staff has done specimen or blood transfusion on which patient at authorized location are correctly recorded into Hospital Information System (HIS). The locating process can be performed within 10 to 20 seconds, and the locating error is less than 2 meters.

Electronic personal maternity records: Both web and smartphone services.

This study develops an antenatal care information system to assist women during pregnancy. We designed and implemented the system as both a web-based service and a multi-platform application for smartphones and tablets. The proposed system has three novel features: (1) web-based maternity records, which contains concise explanations of various antenatal screening and diagnostic tests; (2) self-care journals, which allow pregnant women to keep track of their gestational weight gains, blood pressure, fetal movements, and contractions; and (3) health education, which automatically presents detailed information on antenatal care and other pregnancy-related knowledge according to the women's gestational age. A survey was conducted among pregnant women to evaluate the usability and acceptance of the proposed system. In order to prove that the antenatal care was effective, clinical outcomes should be provided and the results are focused on a usability evaluation.

An efficient forward-secure group certificate digital signature scheme to enhance EMR authentication process.

The frequently used digital signature algorithms, such as RSA and the Digital Signature Algorithm (DSA), lack forward-secure function. The result is that, when private keys are renewed, trustworthiness is lost. In other words, electronic medical records (EMRs) signed by revoked private keys are no longer trusted. This significant security threat stands in the way of EMR adoption. This paper proposes an efficient forward-secure group certificate digital signature scheme that is based on Shamir's (t,n) threshold scheme and Schnorr's digital signature scheme to ensure trustworthiness is maintained when private keys are renewed and to increase the efficiency of EMRs' authentication processes in terms of number of certificates, number of keys, forward-secure ability and searching time.

A low-cost reader for automatically collecting vital signs in hospitals.

Nowadays, the use of medical sensors with embedded communication modules provides accurate number reading and automatic recording. However, such readers are usually more expensive than similar devices without an embedded communication module. Further, different vendors define proprietary communication protocols and data formats for their own medical sensors. Due to the twin issues of high cost and diversity of standards, the automatic collection of patients' vital signs is not common in hospitals, meaning that medical staff need to periodically collect all patients' vital signs. This may cause further problems in caring for patients. We propose a low-cost reader using a cheap web camera to automatically read vital sign monitors in hospitals. The reader uses a high-resolution web camera to take a series of pictures of vital sign monitors and recognizes vital signs in electronic form and then forwards that information to hospital information systems. Its major benefit is that different sensors equipped with vital sign monitors, whether they include a computer communications module, can be digital-number recognized. It saves time in recording monitored vital signs of patients widely located in hospitals. In sum medical staff care of patients may be usefully assisted by the proposed reader which automatically collects all patients' vital signs, significantly improving patient care.

Utilize common criteria methodology for secure ubiquitous healthcare environment.

RFID technology is widely used in healthcare environments to ensure patient safety. Therefore, the testing of RFID tags, such as performance tests and security evaluations, is necessary to ensure inter-operational functional compatibility with standards. A survey of the literature shows that while standards that are around RFID performance tests have been addressed, but the same is not true for security evaluations. Therefore, in this paper, we introduce the Common Criteria security evaluation methodology, also known as ISO/IEC 15408, for the security evaluation of RFID tags and propose a framework as a minimal requirement for RFID tags to improve security assurance.

Low cost RFID real lightweight binding proof protocol for medication errors and patient safety.

An Institute of Medicine Report stated there are 98,000 people annually who die due to medication related errors in the United States, and hospitals and other medical institutions are thus being pressed to use technologies to reduce such errors. One approach is to provide a suitable protocol that can cooperate with low cost RFID tags in order to identify patients. However, existing low cost RFID tags lack computational power and it is almost impossible to equip them with security functions, such as keyed hash function. To address this issue, a so a real lightweight binding proof protocol is proposed in this paper. The proposed protocol uses only logic gates (e.g. AND, XOR, ADD) to achieve the goal of proving that two tags exist in the field simultaneously, without the need for any complicated security algorithms. In addition, various scenarios are provider to explain the process of adopting this binding proof protocol with regard to guarding patient safety and preventing medication errors.

Forward secure digital signature for electronic medical records.

The Technology Safeguard in Health Insurance Portability and Accountability Act (HIPAA) Title II has addressed a way to maintain the integrity and non-repudiation of Electronic Medical Record (EMR). One of the important cryptographic technologies is mentioned in the ACT is digital signature; however, the ordinary digital signature (e.g. DSA, RSA, GQ...) has an inherent weakness: if the key (certificate) is updated, than all signatures, even the ones generated before the update, are no longer trustworthy. Unfortunately, the current most frequently used digital signature schemes are categorized into the ordinary digital signature scheme; therefore, the objective of this paper is to analyze the shortcoming of using ordinary digital signatures in EMR and to propose a method to use forward secure digital signature to sign EMR to ensure that the past EMR signatures remain trustworthy while the key (certificate) is updated.

Dual function seal: visualized digital signature for electronic medical record systems.

Digital signature is an important cryptography technology to be used to provide integrity and non-repudiation in electronic medical record systems (EMRS) and it is required by law. However, digital signatures normally appear in forms unrecognizable to medical staff, this may reduce the trust from medical staff that is used to the handwritten signatures or seals. Therefore, in this paper we propose a dual function seal to extend user trust from a traditional seal to a digital signature. The proposed dual function seal is a prototype that combines the traditional seal and digital seal. With this prototype, medical personnel are not just can put a seal on paper but also generate a visualized digital signature for electronic medical records. Medical Personnel can then look at the visualized digital signature and directly know which medical personnel generated it, just like with a traditional seal. Discrete wavelet transform (DWT) is used as an image processing method to generate a visualized digital signature, and the peak signal to noise ratio (PSNR) is calculated to verify that distortions of all converted images are beyond human recognition, and the results of our converted images are from 70 dB to 80 dB. The signature recoverability is also tested in this proposed paper to ensure that the visualized digital signature is verifiable. A simulated EMRS is implemented to show how the visualized digital signature can be integrity into EMRS.

Pocket EZPIN device for healthcare IC cards to enhance the security and convenience of senior citizens.

An application that adopts smart cards often requires users to enter a PIN (Personal Identification Number) code. In Taiwan's healthcare system, a PIN is used to protect a card holder's private data. However, should one forget one's PIN, the procedure to set up a new PIN is inconvenient. There is a higher probability that senior citizens may forget their PINs. We propose a device which stores the PIN of the cardholder's Healthcare IC card. When the healthcare IC card reader requires the cardholder to enter his/her PIN, the cardholder pushes a button of the device to remotely sends the cardholder's encrypted PIN, for example by Infra Red. The device is designed to be low cost and easy to carry, and, hence, affordable to be a gift to senior citizens. Moreover, if the cardholder should forget to take the device with him/her, the card still works as normal. The device would be helpful in ensuring the public's privacy and convenience in Taiwan's healthcare system.

A cost-effective add-on-value card-assisted firewall over Taiwan's NHI VPN framework.

Besides the overall budget for building the infrastructure of a healthcare-service-based virtual private network (VPN) in Taiwan, two issues were considered critical for its acceptance by the country's 17,000 plus medical institutions. One was who was to pay for the network (ADSL or modem) connection fee; the other was who was to pay for the firewall/anti-virus software. This paper addresses the second issue by proposing an efficient freeware firewall, named card-assisted firewall (CAF), for NHI VPN edge-hosts, which is also an add-on-value application of the National Healthcare IC card that every insurant and medical professional has. The innovative concept is that any NHI VPN site (edge-host) can establish diversified secure-authenticated connections with other sites only by an authentication mechanism, which requires a NHI Java card state machine and the Access Control List of the host. It is different from two-factor authentication cards in four ways: (1) a PIN code is not a must; (2) it requires authentication with the remote IC card Data Centre; (3) the NHI cards are already available, no modification is needed, and there is no further cost for the deployment of the cards; (4) although the cards are in the reader, the communication cannot start unless the cards are in the corresponding states; i.e. the states allow communication. An implementation, on a Microsoft Windows XP platform, demonstrated the system's feasibility over an emulation of the NHI VPN framework. It maintained a high line speed, the driver took up 39 KB of disk space, installation was simple, not requiring any extra hardware or software, and the average packet processing time of the CAF driver measured was 0.3084 ms. The average overhead in comparing the Access Control List predefined routing in card, in an FTP testing experiment, was 5.7 micros (receiving) and 8 micros (sending).

Design and prototype of a mechanism for active on-line emerging/notifiable infectious diseases control, tracking and surveillance, based on a national healthcare card system.

Timeliness is a critical issue in preventing the spread of emerging/notifiable infectious diseases, such as severe acute respiratory syndrome (SARS) or avian influenza (bird flu). Current computerized surveillance systems in many countries have demonstrated their usefulness in detecting specified communicable-diseases. However, the off-line, daily or weekly data reporting mode induces a time lag in data collection, transmission, processing, and responses. This paper proposes an on-line real-time mechanism, named EDICTS, for emerging/notifiable infectious diseases control, tracking and surveillance. It is based on the on-line health IC card system and works at the registration process of primary care practices and emergency departments. Hence, should a disease defined by CDC (Center for disease control) be detected at the registration station, EDICTS responds in real time. Note that EDICTS is a mechanism; it is CDC that determines the policy and activates it. A prototype is designed and implemented on a simulated environment of the Taiwan's national health insurance IC card system. The proposed policy and rules are defined according to the CDC regulations. Timely, sensitive and cost-effective, EDICTS complements the existing successive level of CDC reporting system as a fast-response control channel.

Using Healthcare IC Cards to manage the drug doses of chronic disease patients.

In Taiwan's medical system, the Healthcare IC Card is used as form of secure data storage. This research applies the Healthcare IC Card to record the chronic disease patient's recent drug doses, diagnoses and prescriptions. With the Hospital Information System, this research combines the diagnosis records stored in the Healthcare IC Card to establish a platform which could simulate the procedures of a doctor in examining a patient and checking the circumstances of the patient's repetitive drug doses and drugs interactions. The experiment is based on a data log of about 22,000 items of drug prescribed to 43 diabetes patients and about 88,200 items to 192 high blood pressure patients. The results show that the proposed approach would have reduced the waste of medical resources, strengthened Taiwan's medical system and increased the public's health.