Two RFID Standard-based Security Protocols for Healthcare Environments

  • Original Paper
  • Journal of Medical Systems

Abstract

Radio Frequency Identification (RFID) systems are widely used in access control, transportation, real-time inventory and asset management, automated payment systems, etc. Nevertheless, the use of this technology is almost unexplored in healthcare environments, where potential applications include patient monitoring, asset traceability and drug administration systems, to mention just a few. RFID technology can offer more intelligent systems and applications, but privacy and security issues have to be addressed before its adoption. This is even more critical in healthcare applications, where very sensitive information is at stake and patient safety is paramount. Wu et al. (J. Med. Syst. 37:19, 43) recently proposed a new RFID authentication protocol for healthcare environments. In this paper we show that this protocol puts the location privacy of tag holders at risk, which is a matter of gravest concern and ruins the security of this proposal. To facilitate the implementation of secure RFID-based solutions in the medical sector, we suggest two new applications (authentication and secure messaging) and propose solutions that, in contrast to previous proposals in this field, are fully based on ISO Standards and NIST Security Recommendations.

Notes

  1. In the location-privacy game used in [43] a query represents the hash query of \(\mathbb {T}\) or an anonymous query sent to \(\mathbb {T}\).

References

  1. Arbit, A., Oren, Y., and Wool, A. Toward practical public key anti-counterfeiting for low-cost epc tags. In: IEEE International Conference on RFID, pp. 184–191, 2011.

  2. Aronson, J., Medication errors: What they are, how they happen, and how to avoid them. QJM: Int. J. Med. 102(8):513–521, 2009.

  3. Azevedo, S. G., and Ferreira, J. J., Radio frequency identification: A case study of healthcare organisations. Int. J. Secur. Netw. 5(2/3):147–155, 2010.

  4. Batina, L., Guajardo, J., Kerins, T., Mentens, N., Tuyls, P., and Verbauwhede, I., Public-key cryptography for RFID-Tags. In: Fifth Annual IEEE International Conference on Pervasive Computing and Communications Workshops, pp. 217–222, 2007.

  5. Biryukov, A., Block ciphers and stream ciphers: The state of the art. Cryptology ePrint Archive, Report 2004/094, 2004. http://eprint.iacr.org/.

  6. Bogdanov, A., Knudsen, L., Leander, G., Paar, C., Poschmann, A., Robshaw, M., Seurin, Y., and Vikkelsoe, C., Present: an ultra-lightweight block cipher. In: Cryptographic Hardware and Embedded Systems-CHES 2007. Lecture Notes in Computer Science, Vol. 4727, pp. 450–466. Berlin: Springer, 2007.

  7. Bunduchi, R., Weisshaar, C., and Smart, A. U., Mapping the benefits and costs associated with process innovation: The case of rfid adoption. Technovation 31(9):505–521, 2011.

  8. Cannière, C., Dunkelman, O., and Knežević, M., KATAN and KTANTAN a family of small and efficient hardware-oriented block ciphers. In: Cryptographic Hardware and Embedded Systems-CHES 2009. Lecture Notes in Computer Science, Vol. 5747, pp. 272–288. Berlin: Springer, 2009.

  9. Chan, H. L., Choi, T. M., and Hui, C. L., Rfid versus bar-coding systems: transactions errors in health care apparel inventory control. Decis. Support. Syst. 54(1):803–811, 2012.

  10. Chen, Y. Y., Huang, D. C., Tsai, M. L., and Jan, J. K., A design of tamper resistant prescription rfid access control system. J. Med. Syst. 36(5):2795–2801, 2012. doi:10.1007/s10916-011-9758-2.

  11. Chen, Y. Y., Wang, Y. J., and Jan, J. K., A secure 2G-RFID-Sys mechanism for applying to the medical emergency system. J. Med. Syst. 37(3):1–10, 2013.

  12. Chien, H. Y., and Chen, C. H., Mutual authentication protocol for rfid conforming to epc class 1 generation 2 standards. Comput. Stand. & Interfaces 29(2):254–259, 2007.

  13. Chien, H. Y., Yang, C. C., Wu, T. C., and Lee, C. F., Two rfid-based solutions to enhance inpatient medication safety. J. Med. Syst. 35(3):369–375, 2011. doi: 10.1007/s10916-009-9373-7.

  14. Duc, D. N., and Kim, K., Defending rfid authentication protocols against dos attacks. Comput. Commun. 34(3):384–390, 2011.

  15. Dunbar, P., 300,000 babies stolen from their parents-and sold for adoption: haunting bbc documentary exposes 50-year scandal of baby trafficking by the catholic church in Spain. Daily Mail, 2011. http://www.dailymail.co.uk/news/article-2049647/BBC-Catholic-documentary-exposes-50-year-scandal-baby-trafficking-church-Spain.html.

  16. Feldhofer, M., and Rechberger, C., A case against currently used hash functions in rfid protocols. In: Proceedings of the 2006 International Conference on On the Move to Meaningful Internet Systems-Workshops-Volume Part I, OTM’06, pp. 372–381. Springer-Verlag, 2006.

  17. Feldhofer, M., Wolkerstorfer, J., and Rijmen, V., Aes implementation on a grain of sand. IEE Proceed. Info. Secur. 152(1):13–20, 2005.

  18. Fu, X., and Guo, Y., A lightweight rfid mutual authentication protocol with ownership transfer. In: Advances in Wireless Sensor Networks, Communications in Computer and Information Science, Vol. 334, pp. 68–74. Berlin: Springer, 2013.

  19. Gómez Pardo, J., Classical ciphers and their cryptanalysis. In: Introduction to Cryptography with Maple, pp. 1–33. Berlin: Springer, 2013.

  20. Hell, M., Johansson, T., Maximov, A., and Meier, W., A stream cipher proposal: Grain-128. In: IEEE International Symposium on Information Theory, pp. 1614–1618. IEEE, 2006.

  21. Huang, H. H., and Ku, C. Y., A rfid grouping proof protocol for medication safety of inpatient. J. Med. Syst. 33(6):467–474, 2009. doi: 10.1007/s10916-008-9207-z.

  22. ICAO: Machine readable travel documents–part 3. International Civil Aviation Organization, 2009.

  23. ISO: Information technology–security techniques–entity authentication–part 2: Mechanisms using symmetric encipherment algorithms, iso/iec 9798-2:2008. International Standard, 2nd edn., 1999.

  24. Kitsos, P., Sklavos, N., Parousi, M., and Skodras, A. N., A comparative study of hardware architectures for lightweight block ciphers. Comput. Electr. Eng. 38(1):148–160, 2012.

  25. Lin, L., Yu, N., Wang, T., and Zhan, C., Active rfid based infant security system. In: Ma, M. (Ed.) Communication Systems and Information Technology, Lecture Notes in Electrical Engineering, Vol. 100, pp. 203–209. Berlin: Springer, 2011.

  26. Lin, Q., and Zhang, F., Ecc-based grouping-proof rfid for inpatient medication safety. J. Med. Syst. 36(6):3527–3531, 2012.

  27. Malkin, B., 300,000 babies stolen from their parents-and sold for adoption: haunting bbc documentary exposes 50-year scandal of baby trafficking by the catholic church in spain. The Telegraph p. 1, 2011. http://www.telegraph.co.uk/news/religion/8660249/Australias-Roman-Catholic-Church-apologises-for-forced-adoptions.html.

  28. Menezes, A. J., Vanstone, S. A., and Oorschot, P. C. V., Handbook of applied cryptography, 1st edn. CRC Press, Inc, 1996.

  29. Mora-Gutiérrez, J., Jiménez-Fernández, C., and Valencia-Barrero, M., Integrated Circuit and System Design. Power and Timing Modeling, Optimization and Simulation. In: Lecture Notes in Computer Science, Vol. 7606, pp. 113–120. Berlin: Springer, 2013.

  30. Najera, P., Lopez, J., and Roman, R., Real-time location and inpatient care systems based on passive rfid. J. Netw. Comput. Appl. 34(3):980–989, 2011.

  31. NCMEC: Newborn/infant abductions. National Center for Missing & Exploited Children, p. 1, 2012. http://www.ncmec.org/en_US/documents/InfantAbductionStats.pdf.

  32. NIST: Recommendation for block cipher modes of operation: methods and techniques, NIST special publication 800-38a. National Institute of Standards and Technology, 2001.

  33. NIST: Recommendation for block cipher modes of operation: the CMAC mode for authentication, NIST special publication 800-38b. National Institute of Standards and Technology, 2005.

  34. NIST: Recommendation for key derivation using pseudorandom functions (revised), NIST special publication 800-108. National Institute of Standards and Technology, 2009.

  35. Oztekin, A., Pajouh, F. M., Delen, D., and Swim, L. K., An rfid network design methodology for asset tracking in healthcare. Decis. Support. Syst. 49(1):100–109, 2010. doi: 10.1016/j.dss.2010.01.007.

  36. Parlak, S., Sarcevic, A., Marsic, I., and Burd, R. S., Introducing rfid technology in dynamic and time-critical medical settings: Requirements and challenges. J. Biomed. Inform. 45(5):958–974, 2012.

  37. Peris-Lopez, P., Orfila, A., Mitrokotsa, A., and van der Lubbe, J. C., A comprehensive rfid solution to enhance inpatient medication safety. Int. J. Med. Inform. 80(1):13–24, 2011. doi: 10.1016/j.ijmedinf.2010.10.008.

  38. Peris-Lopez, P., Orfila, A., Mitrokotsa, A., and van der Lubbe, J. C. A., A comprehensive rfid solution to enhance inpatient medication safety. Int. J. Med. Inform. 80(1):13–24, 2011.

  39. Piramuthu, S., Rfid mutual authentication protocols. Decis. Support. Syst. 50(2):387–393, 2011.

  40. Qu, X., Simpson, L. T., and Stanfield, P., A model for quantifying the value of rfid-enabled equipment tracking in hospitals. Adv. Eng. Inform. 25(1):23–31, 2011.

  41. Safkhani, M., Bagheri, N., and Naderi, M., On the designing of a tamper resistant prescription rfid access control system. J. Med. Syst. 36(6):3995–4004, 2012. doi: 10.1007/s10916-012-9872-9.

  42. Sun, P. R., Wang, B. H., and Wu, F., A new method to guard inpatient medication safety by the implementation of rfid. J. Med. Syst. 32(4):327–332, 2008.

  43. Wu, Z. Y., Chen, L., and Wu, J. C., A reliable rfid mutual authentication scheme for healthcare environments. J. Med. Syst. 37:1–9, 2013.

  44. Wyld, D., Preventing the worst case scenario: An analysis of rfid technology and infant protection in hospitals. Int. J. Healthc. Adm. 7(1), 2010.

  45. Yang, M. H., Secure multiple group ownership transfer protocol for mobile rfid. Electron. Commer. Res. Appl. 11(4):361–373, 2012.

  46. Yao, W., Chu, C. H., and Li, Z., The use of rfid in healthcare: Benefits and barriers. In: IEEE International Conference on RFID-Technology and Applications (RFID-TA), pp. 128–134, 2010.

  47. Yao, W., Chu, C. H., and Li, Z., The use of rfid in healthcare: benefits and barriers. In: IEEE International Conference on RFID-Technology and Applications (RFID-TA), pp. 128–134. IEEE Society, 2010.

  48. Yao, W., Chu, C. H., and Li, Z., Leveraging complex event processing for smart hospitals using rfid. J. Netw. Comput. Appl. 34(3):799–810, 2011.

  49. Yao, W., Chu, C. H., and Li, Z., The adoption and implementation of rfid technologies in healthcare: a literature review. J. Med. Syst. 36(6):3507–3525, 2012.

  50. Yen, Y. C., Lo, N. W., and Wu, T. C., Two rfid-based solutions for secure inpatient medication administration. J. Med. Syst. 36(5):2769–2778, 2012. doi: 10.1007/s10916-011-9753-7.

  51. Zhou, W., Yoon, E. J., and Piramuthu, S., Simultaneous multi-level rfid tag ownership & transfer in health care environments. Decis. Support. Syst. 54(1):98–108, 2012.

Author information

Corresponding author

Correspondence to Pedro Peris-Lopez.

Additional information

Conflict of Interest

The authors declare that they have no conflict of interest.

About this article

Cite this article

Picazo-Sanchez, P., Bagheri, N., Peris-Lopez, P. et al. Two RFID Standard-based Security Protocols for Healthcare Environments. J Med Syst 37, 9962 (2013). https://doi.org/10.1007/s10916-013-9962-3

  • DOI: https://doi.org/10.1007/s10916-013-9962-3
