Implementing a secure remote patient monitoring system

ABSTRACT Remote patient monitoring (RPM) system is an efficient technology that allows reducing healthcare costs and contamination risks, especially in the context of a pandemic. However, security and data privacy are the major challenges that hinder the development of such technology. A secure RPM system should satisfy several security requirements such as authentication, confidentiality, and access control. Public Key Infrastructure (PKI) is one of the main widely-used key management schemes. Unfortunately, in an e-Health system supporting constrained devices, PKI suffers from some issues related to the burden of certificate management (e.g., revocation, storage, and distribution) and the computational cost of certification verification. In this paper, we present our contribution to the development of a secure RPM system. Our security solution is based on Certificate-less Public Key Cryptography (CL-PKC) which ensures a dynamic solution for securing communications between patient devices and the e-Health services core. The proposed solution provides secure authentication and key agreement protocol to establish secret session keys. These keys are used for secure exchanging real-time electronic health records (EHR). To evaluate our approach, we conducted both simulation and real experiments. The security and performance analysis show that our approach is secure and effective while being easy to implement on resource-constrained devices with a low computational cost.