ROBUST TELEHEALTHCARE SYSTEM : NFC-BASED APPROACH

Abstract

Patients with dispersed health records face the challenge of securely accessing and maintaining readilyavailablehealthhistory. Dispersedhealthrecordscausedifficultyinmobilityacrossdifferent hospitals and seeking timely diagnosis and treatment. The cloud-based systems have higher challenges for security and privacy and are not 24/7 available. The portable-based systems are restricted to a specific health provider and may have limitations for space and access. There is a growing usage of mobile devices due to their improved computational and storage capabilities. Hence, they may be useful for health record management. However, current mobile-based health recordsystemsarelimitedforeitherremoteaccesstothecloud-basedrepositoryortostorerecords for only offline backup. None of the current health record management solutions fulfils patient mobility, with the aggregation of updated health records, secure and direct access for reading and writing,andmaintenanceofprovenanceofhealthrecords. This thesis proposes a next-generation smart health record management system with secure NFC-enabledmobiledevicestofulfiltherequirementsforpatientmobilityacrosshospitals. First, thethesisproposesasystemdesignforthesmartportablemobile-basedhealthrecordmanagement system to assist patient mobility across hospitals. It retains Secure Mobility-Assisted PortabLE (S-MAPLE) health folder on the patient’s mobile device for storing dispersed health records. It can be accessed as a contactless card by the health professional’s mobile device using low energy wirelessinterfaces,suchasNearFieldCommunication(NFC)-basedHostCardEmulation(HCE) or Bluetooth. NFC provides proof-of-locality and makes eavesdropping and man-in-the-middle attacks difficult. The patients can also view their health records on the health folder locally on theirmobiledevices. Ahardwaretamper-resistantSecureElement(SE)intheformoramicroSD or SIM Card retains cryptographic credentials and also performs cryptographic computations. A cloud-based HealthSecure service helps manage credentials, unique identity and backup of the health data to refurbish the health folder in case of loss or theft of the patient’s mobile device. A variationoftheCiphertext-PolicyAttribute-BasedEncryption(CP-ABE)schemesecuresallhealth vi records for directly sharing them with multiple health providers using Role-based Access Control (RBAC)overtheNFCinterface. Second, this thesis proposes the essential security and threat requirements. The thesis also suggeststhesecuritysolutionscomprisingofsecurestorage,provenanceofhealthdata,mutualauthenticationwithtrustbetweendevices,andselectiveaccesswithscalablerevocation. Wepropose two novel protocols for secure healthcare access from portable devices. NFC SE-based Mutual AuthenticationandAttestation(NSE-AA)protocolprovidesend-to-endsymmetriclightweightmutual authentication and remote attestation between the SEs of the two mobile devices. Scalable Proxy-basedImmediateRevocationforCP-ABE(SPIRC)schemeimprovestheBethencourt’sCPABE scheme for scalable revocation and uninterrupted access to portable devices, without the requirementofanypriorrevocationlist,re-encryptionandre-distributionofkeys. Third,thisthesispresentsadetailedsecurityanalysisofthesecurityframeworkwithanemphasis onthetwoproposedsecurityprotocols. WeprovethattheNSE-AAprotocolissecureusingprotocol simulations on Automated Validation of Internet Security Protocols and Applications (AVISPA) tooland aformal securityproof usingtheReal-Or-Random (ROR)model. We alsoprove thatthe SPIRCschemeissecurefromCPA(ChosenPlaintextAttacks)inasecuritygame. Fourth, this thesis presents the details of the implementation and performance comparison of a prototype for the proposed health record system using mid-range Android devices with NFC and Bluetooth. The protocols are evaluated for their performance and compared qualitatively and quantitatively with the related schemes. The results indicate that the overheads of the security frameworkareacceptableandthattheproposedprotocolshaveimprovedperformance. ThecontactlessS-MAPLEhealthfoldercanassistinthepatientmobilityacrossdifferenthospitals with updated, secure and readily available health history. It can help improve the quality of healthcaremanagementbyprovidingtimelydiagnosisandtreatmenttothepatients.