140 likes | 270 Views
Timestamp Authentication Protocol for Remote Monitoring in eHealth. Dasun Weerasinghe, Kalid Elmufti, M Rajarajan, Veselin Rakocevic Mobile Networks Research Group School of Engineering and Mathematical Sciences City University London. Outline of the Presentation. Problem domain
E N D
Timestamp Authentication Protocol for Remote Monitoring in eHealth Dasun Weerasinghe, Kalid Elmufti, M Rajarajan, Veselin Rakocevic Mobile Networks Research Group School of Engineering and Mathematical Sciences City University London
Outline of the Presentation • Problem domain • eHealth System Architecture • Protocol initiation • Timestamp protocol • Issues with using Timestamp • Operation analysis
Problem domain • Remote health monitoring with mobile devices • Patient authentication to a remote server • Prevent replay attacks • Freshness of the message • Protect data confidentiality • Protect data integrity
Timestamp in authentication protocol • Verifies freshness of messages and expiration of keys • Message timelines are specified • Time-limited constrains on access privileges • Forced delays of a response messages can be detected • Reduced the number of transmitted messages
Protocol Initiation • Each device with a clock • Difference in clock values < threshold value T • Can be a maximum transmission delay of D • Message is considered fresh if • tc – T – D =< tm =< tc + T tc: current time tm: time stamp in the message
Timestamp validation • When a message is received timestamp is compared with the current clock value • Message is fresh if the timestamp is satisfied as tc –T – D =< tm • Messages with inequality timestamp will be discarded
Issues with using Timestamp • Clock Synchronization • Clocks are not accurate • In distributed environment via network protocols • Synchronization method should be secured • Trusted Clocks • The receiver’s clock has to be trusted • Clock values can be changed by users with GMS/UMTS handheld devices
Operation Analysis • If [ tHAS –T – D =< tpatient1 ] is not • HAS advices the client to correct the clock and re-send the message • Else • Generate a User Token (UT) • Attached HAS timestamp and patient timestamp with signing HAS private key SKHAS (tpatient1, tHAS) Patient HAS tHAS tpatient1 tpatient1, Access Info
Operation Analysis (Contd.) • HAS sends the UT and generated authentication timestamps to the patient Patient HAS tHAS tpatient1 S SKHAS (tpatient1, tHAS), UT
Operation Analysis (Contd.) Patient HS tHS tpatient2 • Healthcare Staff (HS) verifies user message • Verifies the UT • Verifies the message S SKHSA (tpatient1, tHAS) with the public key of HAS ( PKHAS ) • Compares tpatient1 and tpatient2 • Message is fresh only if tpatient2 – T – D =< tpatient1 • Else Patient has to re-authenticate with the HAS and resend the message S SKHAS (tpatient1, tHAS), UT, tpatient2
Conclusion • Remote monitoring for healthcare • Requirement of timestamp authentication • eHealth architecture • Proposed protocol • How to validate the timestamp • Issues with timestamp protocol • Operation analysis