Marriette Katarahweire, Engineer Bainomugisha, K. Mughal
{"title":"Authentication in Selected Mobile Data Collection Systems: Current State, Challenges, Solutions and Gaps","authors":"Marriette Katarahweire, Engineer Bainomugisha, K. Mughal","doi":"10.1109/MOBILESoft.2017.9","DOIUrl":null,"url":null,"abstract":"Mobile data collection systems (MDCS) in the health sector are of great benefit to health care providers and community workers especially in low-resource settings. MDCS enable the extension and provision of health services closer to the community by enabling data collection and diagnosis without the patient being in a hospital setting. MDCS, however, face a number security challenges including authentication and authorization of users, secure communication between a mobile client and the server, and secure application deployment. This paper provides a criteria and guidelines for evaluating an authentication model for MDCS. The criteria encompass key authentication dimensions including proper local and remote authentication, password management and recovery especially with no Internet connectivity. We assess the authentication models using two reference systems that are widely used in low-resource settings, namely, District Health Information Software (DHIS 2) and mUzima. The findings reveal gaps in the authentication model of the reference systems including insecure authentication, insecure storage of user credentials on the mobile device and no proper automatic logouts, among others.","PeriodicalId":281934,"journal":{"name":"2017 IEEE/ACM 4th International Conference on Mobile Software Engineering and Systems (MOBILESoft)","volume":"94 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-05-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 IEEE/ACM 4th International Conference on Mobile Software Engineering and Systems (MOBILESoft)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/MOBILESoft.2017.9","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 4
Abstract
Mobile data collection systems (MDCS) in the health sector are of great benefit to health care providers and community workers especially in low-resource settings. MDCS enable the extension and provision of health services closer to the community by enabling data collection and diagnosis without the patient being in a hospital setting. MDCS, however, face a number security challenges including authentication and authorization of users, secure communication between a mobile client and the server, and secure application deployment. This paper provides a criteria and guidelines for evaluating an authentication model for MDCS. The criteria encompass key authentication dimensions including proper local and remote authentication, password management and recovery especially with no Internet connectivity. We assess the authentication models using two reference systems that are widely used in low-resource settings, namely, District Health Information Software (DHIS 2) and mUzima. The findings reveal gaps in the authentication model of the reference systems including insecure authentication, insecure storage of user credentials on the mobile device and no proper automatic logouts, among others.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
