Uma solução de autenticação forte para ambientes de saúde baseados em sensores / A solution for strong authentication in sensor-based healthcare environments

Carbone, Felipe José

January 2014

Equipamentos médicos equipados com interface de rede, classificados como sensores, transmitem informações sensíveis sobre a rede, constituindo uma rede de sensores. Essa rede pode ser utilizada para o acompanhamento remoto de pacientes a domicílio, com a finalidade de propiciar comodidade ao paciente. As informações provenientes desses sensores são vulneráveis, necessitando assim de fortes mecanismos de segurança. Devido às vulnerabilidades, métodos mais eficazes de autenticação vêm sendo desenvolvidos. Porém, as soluções de autenticação existentes obrigam a interação direta dos usuários com o sistema, não respeitando suas individualidades. Dessa forma, esta dissertação propõe uma solução de autenticação forte a qual retira a necessidade de interação do usuário com o sistema, baseando-se nos fatores de biometria e localização. O autenticador desenvolvido, foi testado através de estudos de casos distintos para mostrar sua eficiência e viabilidade para utilização em um ambiente real. / Medical devices equipped with network interfaces, classified as sensors, transmit sensitive information through the network and form a sensor network. This network can be used to monitor patients at home remotely. The information from these sensors is vulnerable and requires strong security mechanisms. Because of vulnerabilities, more effective authentication methods have been developed. However, the current authentication solutions require direct interaction of the user with the system, which does not respect their individuality. Thus, this dissertation proposes a strong authentication solution in which the interaction of the user with the system is removed based on biometrics and location factors. The developed authenticator was tested through different case studies to show its efficiency and feasibility before application in a real environment.

Informática médica

Sensores

Redes : Computadores

Strong authentication

Biometrics

Localization

Sensor networks

Uma solução de autenticação forte para ambientes de saúde baseados em sensores / A solution for strong authentication in sensor-based healthcare environments

Carbone, Felipe José

January 2014

Equipamentos médicos equipados com interface de rede, classificados como sensores, transmitem informações sensíveis sobre a rede, constituindo uma rede de sensores. Essa rede pode ser utilizada para o acompanhamento remoto de pacientes a domicílio, com a finalidade de propiciar comodidade ao paciente. As informações provenientes desses sensores são vulneráveis, necessitando assim de fortes mecanismos de segurança. Devido às vulnerabilidades, métodos mais eficazes de autenticação vêm sendo desenvolvidos. Porém, as soluções de autenticação existentes obrigam a interação direta dos usuários com o sistema, não respeitando suas individualidades. Dessa forma, esta dissertação propõe uma solução de autenticação forte a qual retira a necessidade de interação do usuário com o sistema, baseando-se nos fatores de biometria e localização. O autenticador desenvolvido, foi testado através de estudos de casos distintos para mostrar sua eficiência e viabilidade para utilização em um ambiente real. / Medical devices equipped with network interfaces, classified as sensors, transmit sensitive information through the network and form a sensor network. This network can be used to monitor patients at home remotely. The information from these sensors is vulnerable and requires strong security mechanisms. Because of vulnerabilities, more effective authentication methods have been developed. However, the current authentication solutions require direct interaction of the user with the system, which does not respect their individuality. Thus, this dissertation proposes a strong authentication solution in which the interaction of the user with the system is removed based on biometrics and location factors. The developed authenticator was tested through different case studies to show its efficiency and feasibility before application in a real environment.

Informática médica

Sensores

Redes : Computadores

Strong authentication

Biometrics

Localization

Sensor networks

Uma solução de autenticação forte para ambientes de saúde baseados em sensores / A solution for strong authentication in sensor-based healthcare environments

Carbone, Felipe José

January 2014

Equipamentos médicos equipados com interface de rede, classificados como sensores, transmitem informações sensíveis sobre a rede, constituindo uma rede de sensores. Essa rede pode ser utilizada para o acompanhamento remoto de pacientes a domicílio, com a finalidade de propiciar comodidade ao paciente. As informações provenientes desses sensores são vulneráveis, necessitando assim de fortes mecanismos de segurança. Devido às vulnerabilidades, métodos mais eficazes de autenticação vêm sendo desenvolvidos. Porém, as soluções de autenticação existentes obrigam a interação direta dos usuários com o sistema, não respeitando suas individualidades. Dessa forma, esta dissertação propõe uma solução de autenticação forte a qual retira a necessidade de interação do usuário com o sistema, baseando-se nos fatores de biometria e localização. O autenticador desenvolvido, foi testado através de estudos de casos distintos para mostrar sua eficiência e viabilidade para utilização em um ambiente real. / Medical devices equipped with network interfaces, classified as sensors, transmit sensitive information through the network and form a sensor network. This network can be used to monitor patients at home remotely. The information from these sensors is vulnerable and requires strong security mechanisms. Because of vulnerabilities, more effective authentication methods have been developed. However, the current authentication solutions require direct interaction of the user with the system, which does not respect their individuality. Thus, this dissertation proposes a strong authentication solution in which the interaction of the user with the system is removed based on biometrics and location factors. The developed authenticator was tested through different case studies to show its efficiency and feasibility before application in a real environment.

Informática médica

Sensores

Redes : Computadores

Strong authentication

Biometrics

Localization

Sensor networks

Strong Authentication Protocol using PIV Card with Mobile Devices

Kunning, Mao

January 2013

Nowadays weak single-factor authentication mechanisms like passwords or passphrases are commonly used. Static passwords are easy to use, just remember them in mind. However it has many security weaknesses and even strong passwords are not strong enough. For example, strong secrets are difficult to remember, and people tend to share authentication credentials across systems, which reduce the overall security tremendously. Thus, for security sensitive environment we need strong multi-factors authentication. Smart card based certificate strong authentication solution can be used as a replacement for standard password-based schemes. And also a large existing base of deployed smart cards used to provide authentication in other areas can be reused to reduce costs significantly. This master thesis presents a study of how to implement certificate-based strong authentication on mobile devices using PIV smart card. It proposes a strong authentication protocol based on FIPS 201 Personal Identity verification standard, and FIPS 196 entity strong authentication protocol scheme, and describes the implementation of a mobile security application developed on iOS system using a smart card reader. Our solution can provide high level of security services for mobile applications, and can easily protect their confidentiality, integrity and authenticity.

Mobile Applications Security

Strong Authentication

Smart Card

Engineering and Technology

Teknik och teknologier

Security for Mobile Payment Transaction

Desta, Girmay

January 2012

The advancement of ICT in a variety of sectors helped in improving the time consuming and rigid service into fast and flexible service that is closer to the reach of individuals. For instance, mobile applications have evolved in different sectors such as healthcare patient support, geographic mapping and positioning, banking, e-commerce payment services and others. This study focuses on one of the most sensitive applications, which is mobile payment. Mobile payment system being one of the widely expanding mobile services, it has security concerns that prevented its wide acceptance. Some of the main security services given prior attention in mobile payment are issues of privacy, authentication and confidentiality. The research concentrates on the strong authentication of a mobile client to its server, securing the credit card* information and use of mobile card reader while making payments that enable customers to protect privacy of financial credentials. The strong authentication mechanism mainly follows the NIST standard publications namely, FIPS PUB 201 and FIPS 196; which are standards on Entity Authentication using public key cryptography and PKI credential storage Personal Identity Verification (PIV) card respectively. The proposed secure Credit Card Information (CCI) storage is in a secure element in order to prevent tampering of stored data. The secure element options are microSD, UICC, Smartcard (together with digital certificate and service ticket). During making payments, the payment information encrypted using a shared key is securely sent to payment server. A demo mobile application as proof of concept was implemented in a simulated lab (KTH SecLab), which has all the necessary infrastructure setup (servers, card reader) for testing the proposed solution. The paper was able to proof the concept of secure payment by enhancing the authentication, confidentiality and privacy of payment information. However, the demo for Strong Authentication did not completely succeed as expected due to unexpected bugs in the early version of card reader SDK.

Strong Authentication

mobile security

PIV

mobile PKI

payment privacy

EMV security

Engineering and Technology

Teknik och teknologier

Location Based Authentication

Sharma, Seema

20 May 2005

With the growth of wireless technologies in sectors like the military, aviation, etc, there is a need to determine the authenticity of a genuine user. Today's conventional authentication mechanisms are based on three factors: knowledge, possession and biometrics. These factors are prone to theft, hardware failure, expensive, etc. Consequently, there is a need of a stronger solution. One such solution is Location Based Authentication that considers the location information of a user. The location information is time based and thus hard to steal. However, accuracy of the GPS, signal strength inside the building, etc, affects its potential. Consequently, there is a need to address alternatives. One such alternative is to implement a puzzle-based authentication scheme based on the location information. In the proposed scheme, the server asks dynamic location-based questions and the client answers them based on the proposed route of travel. This scheme strengthens the current authentication mechanisms.

Authentication

Use of strong authentication

Authentication factors

Location based authentication

Security in wireless systems

Travel plan puzzle