| Title | A Smartcard-Based User-Controlled Single Sign-On for Privacy Preservation in 5G-IoT Telemedicine Systems. |
| Authors | Lin, TW; Hsu, CL; Le, TV; Lu, CF; Huang, BY |
| Journal | Sensors (Basel, Switzerland) |
| Publication Date | 20 Apr 2021 |
| Date Added to PubMed | 1 May 2021 |
| Abstract | Healthcare is now an important part of daily life because of rising consciousness of health management. Medical professionals can know users' health condition if they are able to access information immediately. Telemedicine systems, which provides long distance medical communication and services, is a multi-functional remote medical service that can help patients in bed in long-distance communication environments. As telemedicine systems work in public networks, privacy preservation issue of sensitive and private transmitted information is important. One of the means of proving a user's identity are user-controlled single sign-on (UCSSO) authentication scheme, which can establish a secure communication channel using authenticated session keys between the users and servers of telemedicine systems, without threats of eavesdropping, impersonation, etc., and allow patients access to multiple telemedicine services with a pair of identity and password. In this paper, we proposed a smartcard-based user-controlled single sign-on (SC-UCSSO) for telemedicine systems that not only remains above merits but achieves privacy preservation and enhances security and performance compared to previous schemes that were proved with BAN logic and automated validation of internet security protocols and applications (AVISPA). |
| Link | http://doi.org/10.3390/s21082880 |
| Title | Sensor-Based mHealth Authentication for Real-Time Remote Healthcare Monitoring System: A Multilayer Systematic Review. |
| Authors | Shuwandy, ML; Zaidan, BB; Zaidan, AA; Albahri, AS |
| Journal | Journal of medical systems |
| Publication Date | 6 Jan 2019 |
| Date Added to PubMed | 7 Jan 2019 |
| Abstract | The new and groundbreaking real-time remote healthcare monitoring system on sensor-based mobile health (mHealth) authentication in telemedicine has considerably bounded and dispersed communication components. mHealth, an attractive part in telemedicine architecture, plays an imperative role in patient security and privacy and adapts different sensing technologies through many built-in sensors. This study aims to improve sensor-based defence and attack mechanisms to ensure patient privacy in client side when using mHealth. Thus, a multilayer taxonomy was conducted to attain the goal of this study. Within the first layer, real-time remote monitoring studies based on sensor technology for telemedicine application were reviewed and analysed to examine these technologies and provide researchers with a clear vision of security- and privacy-based sensors in the telemedicine area. An extensive search was conducted to find articles about security and privacy issues, review related applications comprehensively and establish the coherent taxonomy of these articles. ScienceDirect, IEEE Xplore and Web of Science databases were investigated for articles on mHealth in telemedicine-based sensor. A total of 3064 papers were collected from 2007 to 2017. The retrieved articles were filtered according to the security and privacy of sensor-based telemedicine applications. A total of 19 articles were selected and classified into two categories. The first category, 57.89% (n = 11/19), included survey on telemedicine articles and their applications. The second category, 42.1% (n = 8/19), included articles contributed to the three-tiered architecture of telemedicine. The collected studies improved the essential need to add another taxonomy layer and review the sensor-based smartphone authentication studies. This map matching for both taxonomies was developed for this study to investigate sensor field comprehensively and gain access to novel risks and benefits of the mHealth security in telemedicine application. The literature on sensor-based smartphones in the second layer of our taxonomy was analysed and reviewed. A total of 599 papers were collected from 2007 to 2017. In this layer, we obtained a final set of 81 articles classified into three categories. The first category of the articles [86.41% (n = 70/81)], where sensor-based smartphones were examined by utilising orientation sensors for user authentication, was used. The second category [7.40% (n = 6/81)] included attack articles, which were not intensively included in our literature analysis. The third category [8.64% (n = 7/81)] included 'other' articles. Factors were considered to understand fully the various contextual aspects of the field in published studies. The characteristics included the motivation and challenges related to sensor-based authentication of smartphones encountered by researchers and the recommendations to strengthen this critical area of research. Finally, many studies on the sensor-based smartphone in the second layer have focused on enhancing accurate authentication because sensor-based smartphones require sensors that could authentically secure mHealth. |
| Link | http://doi.org/10.1007/s10916-018-1149-5 |
| Title | Risk management-based security evaluation model for telemedicine systems. |
| Authors | Kim, DW; Choi, JY; Han, KH |
| Journal | BMC medical informatics and decision making |
| Publication Date | 10 Jun 2020 |
| Date Added to PubMed | 12 Jun 2020 |
| Abstract | Infectious diseases that can cause epidemics, such as COVID-19, SARS-CoV, and MERS-CoV, constitute a major social issue, with healthcare providers fearing secondary, tertiary, and even quaternary infections. To alleviate this problem, telemedicine is increasingly being viewed as an effective means through which patients can be diagnosed and medications prescribed by doctors via untact Thus, concomitant with developments in information and communication technology (ICT), medical institutions have actively analyzed and applied ICT to medical systems to provide optimal medical services. However, with the convergence of these diverse technologies, various risks and security threats have emerged. To protect patients and improve telemedicine quality for patient safety, it is necessary to analyze these risks and security threats comprehensively and institute appropriate countermeasures. The security threats likely to be encountered in each of seven telemedicine service areas were analyzed, and related data were collected directly through on-site surveys by a medical institution. Subsequently, an attack tree, the most popular reliability and risk modeling approach for systematically characterizing the potential risks of telemedicine systems, was examined and utilized with the attack occurrence probability and attack success probability as variables to provide a comprehensive risk assessment method. In this study, the most popular modelling method, an attack tree, was applied to the telemedicine environment, and the security concerns for telemedicine systems were found to be very large. Risk management and evaluation methods suitable for the telemedicine environment were identified, and their benefits and potential limitations were assessed. This research should be beneficial to security experts who wish to investigate the impacts of cybersecurity threats on remote healthcare and researchers who wish to identify new modeling opportunities to apply security risk modeling techniques. |
| Link | http://doi.org/10.1186/s12911-020-01145-7 |
| Title | Collaborative Ehealth Privacy and Security: An Access Control With Attribute Revocation Based on OBDD Access Structure. |
| Authors | Edemacu, K; Jang, B; Kim, JW |
| Journal | IEEE journal of biomedical and health informatics |
| Publication Date | 1 Oct 2020 |
| Date Added to PubMed | 20 Feb 2020 |
| Abstract | The digitization of health records due to technological developments has paved the way for patients to be collaboratively treated by different healthcare institutions. In collaborative ehealth systems, a patient's health data is stored remotely in the cloud for sharing with different healthcare service providers. However, the use of third parties for storage exposes the data to several privacy and security violation threats. Ciphertext policy attribute-based encryption (CP-ABE) which provides a fine-grained access control is a promising solution to privacy and security issues in the cloud environment and as a result, it has been widely studied for secure sharing of health data in cloud-based ehealth systems. Addressing the aspects of expressiveness, efficiency, user collusion resistance and attribute/user revocation in CP-ABE have been at the forefront of these studies. Thus, in this article, we proposed a novel expressive, efficient and collusion-resistant access control scheme with immediate attribute/user revocation for secure sharing of health data in collaborative ehealth systems. The proposed scheme additionally achieves forward and backward security. To realize these features, our access control is based on the ordered binary decision diagram (OBDD) access structure and it binds the user keys to the user identities. Security and performance analysis show that our proposed scheme is secure, expressive and efficient. |
| Link | http://doi.org/10.1109/JBHI.2020.2973713 |
| Title | Telemedicine, privacy, and information security in the age of COVID-19. |
| Authors | Jalali, MS; Landman, A; Gordon, WJ |
| Journal | Journal of the American Medical Informatics Association : JAMIA |
| Publication Date | 1 Mar 2021 |
| Date Added to PubMed | 17 Dec 2020 |
| Abstract | |
| Link | http://doi.org/10.1093/jamia/ocaa310 |
| Title | Security, Privacy, and Usability in Continuous Authentication: A Survey. |
| Authors | Baig, AF; Eskeland, S |
| Journal | Sensors (Basel, Switzerland) |
| Publication Date | 6 Sep 2021 |
| Date Added to PubMed | 11 Sep 2021 |
| Abstract | Continuous authentication has been proposed as a possible approach for passive and seamless user authentication, using sensor data comprising biometric, behavioral, and context-oriented characteristics. Since these are personal data being transmitted and are outside the control of the user, this approach causes privacy issues. Continuous authentication has security challenges concerning poor matching rates and susceptibility of replay attacks. The security issues are mainly poor matching rates and the problems of replay attacks. In this survey, we present an overview of continuous authentication and comprehensively discusses its different modes, and issues that these modes have related to security, privacy, and usability. A comparison of privacy-preserving approaches dealing with the privacy issues is provided, and lastly recommendations for secure, privacy-preserving, and user-friendly continuous authentication. |
| Link | http://doi.org/10.3390/s21175967 |
| Title | Security and privacy preserving approaches in the eHealth clouds with disaster recovery plan. |
| Authors | Sahi, A; Lai, D; Li, Y |
| Journal | Computers in biology and medicine |
| Publication Date | 1 Nov 2016 |
| Date Added to PubMed | 25 Oct 2016 |
| Abstract | Cloud computing was introduced as an alternative storage and computing model in the health sector as well as other sectors to handle large amounts of data. Many healthcare companies have moved their electronic data to the cloud in order to reduce in-house storage, IT development and maintenance costs. However, storing the healthcare records in a third-party server may cause serious storage, security and privacy issues. Therefore, many approaches have been proposed to preserve security as well as privacy in cloud computing projects. Cryptographic-based approaches were presented as one of the best ways to ensure the security and privacy of healthcare data in the cloud. Nevertheless, the cryptographic-based approaches which are used to transfer health records safely remain vulnerable regarding security, privacy, or the lack of any disaster recovery strategy. In this paper, we review the related work on security and privacy preserving as well as disaster recovery in the eHealth cloud domain. Then we propose two approaches, the Security-Preserving approach and the Privacy-Preserving approach, and a disaster recovery plan. The Security-Preserving approach is a robust means of ensuring the security and integrity of Electronic Health Records, and the Privacy-Preserving approach is an efficient authentication approach which protects the privacy of Personal Health Records. Finally, we discuss how the integrated approaches and the disaster recovery plan can ensure the reliability and security of cloud projects. |
| Link | http://doi.org/10.1016/j.compbiomed.2016.09.003 |
| Title | REVISITING HEALTH INFORMATION TECHNOLOGY ETHICAL, LEGAL, and SOCIAL ISSUES and EVALUATION: TELEHEALTH/TELEMEDICINE and COVID-19. |
| Authors | Kaplan, B |
| Journal | International journal of medical informatics |
| Publication Date | 1 Nov 2020 |
| Date Added to PubMed | 6 Nov 2020 |
| Abstract | Information technologies have been vital during the COVID-19 pandemic. Telehealth and telemedicine services, especially, fulfilled their promise by allowing patients to receive advice and care at a distance, making it safer for all concerned. Over the preceding years, professional societies, governments, and scholars examined ethical, legal, and social issues (ELSI) related to telemedicine and telehealth. Primary concerns evident from reviewing this literature have been quality of care, access, consent, and privacy. To identify and summarize ethical, legal, and social issues related to information technology in healthcare, as exemplified by telehealth and telemedicine. To expand on prior analyses and address gaps illuminated by the COVID-19 experience. To propose future research directions. Literature was identified through searches, forward and backward citation chaining, and the author's knowledge of scholars and works in the area. EU and professional organizations' guidelines, and nineteen scholarly papers were examined and categories created to identify ethical, legal, and social issues they addressed. A synthesis matrix was developed to categorize issues addressed by each source. A synthesis matrix was developed and issues categorized as: quality of care, consent and autonomy, access to care and technology, legal and regulatory, clinician responsibilities, patient responsibilities, changed relationships, commercialization, policy, information needs, and evaluation, with subcategories that fleshed out each category. The literature primarily addressed quality of care, access, consent, and privacy. Other identified considerations were little discussed. These and newer concerns include: usability, tailoring services to each patient, curriculum and training, implementation, commercialization, and licensing and liability. The need for interoperability, data availability, cybersecurity, and informatics infrastructure also is more apparent. These issues are applicable to other information technologies in healthcare. Clinicians and organizations need updated guidelines for ethical use of telemedicine and telehealth care, and decision- and policy-makers need evidence to inform decisions. The variety of newly implemented telemedicine services is an on-going natural experiment presenting an unparalleled opportunity to develop an evidence-based way forward. The paper recommends evaluation using an applied ethics, context-sensitive approach that explores interactions among multiple factors and considerations. It suggests evaluation questions to investigate ethical, social, and legal issues through multi-method, sociotechnical, interpretive and ethnographic, and interactionist evaluation approaches. Such evaluation can help telehealth, and other information technologies, be integrated into healthcare ethically and effectively. |
| Link | http://doi.org/10.1016/j.ijmedinf.2020.104239 |