Security vulnerabilities analysis of improved user authentication techniques for electronic medical record systems in aging society

Q3 Nursing Gerontechnology Pub Date : 2022-10-23 DOI:10.4017/gt.2022.21.s.611.pp4
G. Eom, H. Byeon, Y. Choi
{"title":"Security vulnerabilities analysis of improved user authentication techniques for electronic medical record systems in aging society","authors":"G. Eom, H. Byeon, Y. Choi","doi":"10.4017/gt.2022.21.s.611.pp4","DOIUrl":null,"url":null,"abstract":"Purpose The electronic medical record is the sets of individual patient health information stored in a digital format. This format can be shared across medical networks. This system enables the efficient transfer of medical records between institutions, patients and staff. The EMR contains personal health information; therefore, network access to patient-related data must be monitored and controlled to ensure that unlawful parties do not misuse personal information. Han et al. proposed several biometric-based authentication methods. However, Madhusudan et al. revealed that the biometric-based authentication method proposed by Han et al. had various weaknesses and proposed an authentication scheme with improved security suitable for the EMR system. In this paper, through a security analysis, we analyse the operation process of the scheme by Madhusudhan et al. and reveal problems, including H(B_i ) recognition errors, no perfect forward secrecy, insider attacks (user identification guessing attacks), insider attacks (forgery attacks) and denial-of-service attacks. Method In Madhusudhan et al. scheme, a general hash function is used to use biometric information. If a general hash function is used, there is a problem that an error occurs even if biometric information is input slightly differently. The user enters biometric information in the login phase to log in to the server becomes the value of using for encryption. The login step proceeds only when the value is equal to, is, and is to input as Since is biometric information, it shows a little difference each time you enter a value. Since the combination of comes out differently depending on the input value, even if is input slightly differently, the value of may be output differently from the existing value. The fact that Perfect Forward Secrecy is satisfied means that even if one of the important master keys of the scheme is exposed, the previous session key cannot be found. However, in this scheme, if the value of one of the unchanging long-term keys, is exposed, not only the future session key but also the previously used session key can be found, which does not satisfy Perfect Forward Secrecy. And if the attacker acquires the user's smart card and knows the inside information, he can also find out the user's previous session key. Results and Discussion In this paper, after explaining the operation process of the authentication scheme with improved security for the EMR proposed by Madhusudhan et al., a security analysis was conducted. The scheme proposed by Madhusudhan et al. has security problems, such as H(B_i ) recognition errors, no perfect forward secrecy, insider attacks (user identification guessing attacks and forgery attacks), and DoS attacks.","PeriodicalId":38859,"journal":{"name":"Gerontechnology","volume":" ","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2022-10-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Gerontechnology","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4017/gt.2022.21.s.611.pp4","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"Nursing","Score":null,"Total":0}
引用次数: 0

Abstract

Purpose The electronic medical record is the sets of individual patient health information stored in a digital format. This format can be shared across medical networks. This system enables the efficient transfer of medical records between institutions, patients and staff. The EMR contains personal health information; therefore, network access to patient-related data must be monitored and controlled to ensure that unlawful parties do not misuse personal information. Han et al. proposed several biometric-based authentication methods. However, Madhusudan et al. revealed that the biometric-based authentication method proposed by Han et al. had various weaknesses and proposed an authentication scheme with improved security suitable for the EMR system. In this paper, through a security analysis, we analyse the operation process of the scheme by Madhusudhan et al. and reveal problems, including H(B_i ) recognition errors, no perfect forward secrecy, insider attacks (user identification guessing attacks), insider attacks (forgery attacks) and denial-of-service attacks. Method In Madhusudhan et al. scheme, a general hash function is used to use biometric information. If a general hash function is used, there is a problem that an error occurs even if biometric information is input slightly differently. The user enters biometric information in the login phase to log in to the server becomes the value of using for encryption. The login step proceeds only when the value is equal to, is, and is to input as Since is biometric information, it shows a little difference each time you enter a value. Since the combination of comes out differently depending on the input value, even if is input slightly differently, the value of may be output differently from the existing value. The fact that Perfect Forward Secrecy is satisfied means that even if one of the important master keys of the scheme is exposed, the previous session key cannot be found. However, in this scheme, if the value of one of the unchanging long-term keys, is exposed, not only the future session key but also the previously used session key can be found, which does not satisfy Perfect Forward Secrecy. And if the attacker acquires the user's smart card and knows the inside information, he can also find out the user's previous session key. Results and Discussion In this paper, after explaining the operation process of the authentication scheme with improved security for the EMR proposed by Madhusudhan et al., a security analysis was conducted. The scheme proposed by Madhusudhan et al. has security problems, such as H(B_i ) recognition errors, no perfect forward secrecy, insider attacks (user identification guessing attacks and forgery attacks), and DoS attacks.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
老龄化社会电子病历系统改进用户认证技术的安全漏洞分析
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
Gerontechnology
Gerontechnology Nursing-Gerontology
CiteScore
1.00
自引率
0.00%
发文量
260
期刊最新文献
Older adults’ awareness, motivation, and behavior changes by wearable activity trackers before and during the COVID-19 pandemic Older adults’ awareness, motivation, and behavior changes by wearable activity trackers before and during the COVID-19 pandemic Digital divide: Knowledge, attitudes and practices toward mobile phone and apps use among Indonesian older adults residing in a megapolitan city Aging, artificial intelligence, and the built environment in smart cities: Ethical considerations Understanding the needs of older adults learning to use digital home assistants: A demonstration study
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1