Can the User Authentication System for the Electronic Medical Record System Improve the Power to Secure in Medical Field? A Security Analysis

© 2022 by IJETT Journal
Volume-70 Issue-8
Year of Publication : 2022
Authors : Seonjae Been, Younsung Choi, Haewon Byeon
DOI : 10.14445/22315381/IJETT-V70I8P239

How to Cite?

Seonjae Been, Younsung Choi, Haewon Byeon, "Can the User Authentication System for the Electronic Medical Record System Improve the Power to Secure in Medical Field? A Security Analysis," International Journal of Engineering Trends and Technology, vol. 70, no. 8, pp. 387-393, 2022.

The electronic medical record (EMR) is the set of individual patient health information stored in a digital format. This format can be shared across medical networks. This system enables the efficient transfer of medical records between institutions, patients and staff. The EMR contains personal health information; therefore, network access to patient-related data must be controlled to ensure that unlawful parties do not misuse personal information. Han et al. proposed several biometric-based authentication methods. However, Madhusudhan et al. revealed that the biometric-based authentication method proposed by Han et al. had various weaknesses and proposed an authentication scheme with improved security suitable for the EMR system. In this paper, through security analysis, we analyse the operation process of the scheme by Madhusudhan et al. and reveal problems, including $H(B_i)$ recognition errors, no perfect forward secrecy, insider attacks (user identification guessing attacks), insider attacks (forgery attacks) and denial-of-service attacks.

Security Analysis, Authentication Scheme, EMR, Patient information, Medical Data.

[1] T. D. Gunter, and N. P. Terry, “The Emergence of National Electronic Health Record Architectures in the United States and Australia: Models, Costs, and Questions,” J Med Internet Res, vol. 7, no. 1, pp. e383, 2005.
[2] M. Nikooghadam, and A. Zakerolhosseini, “Secure Communication of Medical Information using Mobile Agents,” J Med Sys, vol. 36, no. 6, pp. 3839–3850, 2012.
[3] R. C. Barrows Jr and P. D. Clayton, “Privacy, Confidentiality, and Electronic Medical Records,” Journal of the American Medical Informatics Association, vol. 3, no. 2, pp. 139-148, 1996.
[4] J. Goldsmith, D. Blumenthal, and W. Rishel, “Federal Health Information Policy: A Case of Arrested Development,” Health Affairs, vol. 22, no. 4, pp. 44-55, 2003.
[5] C. W. Burt, and J. E. Sisk, “Which Physicians and Practices are using Electronic Medical Records?,” Health Affairs, vol. 24, no. 5, pp. 1334-1343, 2005.
[6] S. B. Othman, A. Trad, and H. Youssef, “Security Architecture for at-Home Medical Care using Wireless Sensor Network,” IEEE, pp. 304-309, 2014.
[7] M. Li, W. Lou, and K. Ren, “Data Security and Privacy in Wireless Body Area Networks,” IEEE Wirel. Commun., vol. 17, no. 1, pp. 51-58, 2010.
[8] Z. Siddiqui, A. H. Abdullah, M. K. Khan, and A. S. Alghamdi, “Cryptanalysis and Improvement of ‘A Secure Authentication Scheme for Telecare Medical Information System’ with Nonce Verification,” Peer-to-Peer Networking and Applications, vol. 9, no. 5, pp. 841-853, 2016.
[9] C. S. Park, “Authentication Protocol Providing user Anonymity and Untraceability in Wireless Mobile Communication Systems,” Computer Networks, vol. 44, no. 2, pp. 267-273, 2004.
[10] W. Rankl, and W. Effing, “Smart Card Handbook,” John Wiley & Sons, 2004.
[11] D. Bhattacharyya, R. Ranjan, F. Alisherov, and M. Choi, “Biometric Authentication: A Review,” International Journal of u-and e-Service, Science and Technology, vol. 2, no. 3, pp. 13-28, 2009.
[12] G. Singh, “A Study of Encryption Algorithms (RSA, DES, 3DES And AES) for Information Security,” Int. J. Comput. Appl., vol. 67, no. 19, 2013.
[13] R. Mahaveerakannan, and C. S. G. Dhas, “Customised RSA Public Key Cryptosystem using Digital Signature of Secure Data Transfer Natural Number Algorithm,” IJCTA, vol. 9, no. 5, pp. 543-548, 2016.
[14] K. Lauter, “The advantages of Elliptic Curve Cryptography For Wireless Security,” IEEE Wirel. Commun., vol. 11, no. 1, pp. 62-67, 2004.
[15] R. Mahaveerakannan, and C. Suresh Gnana Dhas, “A Hybrid Group Key Management Scheme for Uav–Mbn Network Environment Increasing Efficiency of Key Distribution in Joining Operation,” International Conference on Intelligent Information Technologies, pp. 93-107, 2017.
[16] L. Han, X. Tan, S. Wang, and X. Liang, “An Efficient and Secure Three-Factor Based Authenticated Key Exchange Scheme using Elliptic Curve Cryptosystems,” Peer Peer Netw. Appl., vol. 11, no. 1, pp. 63-73, 2018.
[17] C. S. Nayak, “An Improved User Authentication Scheme for Electronic Medical Record Systems,” Multimed. Tools Appl., vol. 79, no. 29, pp. 22007-22026, 2020.
[18] Q. Jiang, Z. Chen, B. Li, J. Shen, L. Yang, and J. Ma, “Security Analysis and Improvement of Bio-Hashing Based Three-Factor Authentication Scheme for Telecare Medical Information Systems,” J. Ambient Intell. Humaniz. Comput, vol. 9, no. 4, pp. 1061-1073, 2018.
[19] Y. Choi, “Smart Card Based Password Authentication Scheme using Fuzzy Extraction Technology,” Journal of Korea Society of Digital Industry and Information Management, vol. 14, no. 4, pp. 125-134, 2018.
[20] Y. Dodis, L. Reyzin, and A. Smith, “Fuzzy Extractors: How To Generate Strong Keys from Biometrics and Other Noisy Data,” International Conference on the Theory and Applications of Cryptographic Techniques, pp. 523-540, 2004.
[21] X. Boyen, “Reusable Cryptographic Fuzzy Extractors,” Proceedings of the 11th ACM Conference on Computer and Communications Security, pp. 82-91, 2004.
[22] W. Duch, R. Adamczak, and K. Grabczewski, “A New Methodology of Extraction, Optimisation and Application of Crisp and Fuzzy Logical Rule,” IEEE Transactions on Neural Networks, vol. 12, no. 1, pp. 277-306, 2001.
[23] Y. Choi, J. Nam, D. Lee, J. Kim, J. Jung and D. Won, “Security Enhanced Anonymous Multiserver Authenticated Key Agreement Scheme Using Smart Cards And Biometrics,” The Scientific World Journal, 2014.
[24] M. Nikooghadam, and H. Amintoosi, “Perfect Forward Secrecy Via an ECC-Based Authentication Scheme for SIP in Voip,” The Journal of Supercomputing, vol. 76, no. 4, pp. 3086-3104, 2020.
[25] W. S. Chun, and D. W. Park, “A Study on N-IDS Detection and Packet Analysis Regarding a DoS Attack,” Journal of the Korea Society of Computer and Information, vol. 13, no. 6, pp. 217-224, 2008.
[26] A. D. Wood, and J. A. Stankovic, “Denial of Service in Sensor Networks,” Computer, vol. 35, no. 10, pp. 54-62, 2002.
[27] Dr. Azeez Ajani Waheed, Mrs. Kikelomo Okesola, Mrs. Oluwaseyi Afe, Mr. Babafemi Samuel, “An Integrated and Secured Web Based Electronic Health Record,” International Journal of Recent Engineering Science, vol. 8, no. 4, pp. 19-26, 2021.
[28] Salim Istyaq, Afrah Nazir, Mohammad Sarosh Umar, “Hybrid Graphical User Authentication Scheme Using Grid Code,” International Journal of Engineering Trends and Technology, vol. 69, no. 5, pp. 166-176, 2021.
[29] Mezui Eya’a Guy Lysmos, Dr. Mostafa Hanoune, “Hybrid Data Compression System In Smart E-Health Gateway For Medical Monitoring Applications,” SSRG International Journal of Computer Science and Engineering, vol. 7, no. 1, pp. 1-6, 2020.