Protocols for Mobile E-Health Authentication
摘要
This chapter presents the development of a passwordless authentication framework for mobile e-health systems, designed to address security vulnerabilities and enhance data privacy. The framework aims to replace traditional password-based methods, which are often inadequate for mobile health applications due to security limitations and usability concerns, particularly for elderly users. The research introduces the EHEART application, a unique non-regenerated identity generation method for e-health sensor nodes, a two-tier network architecture, and the EHEART authentication protocol. These elements collectively enhance security, minimize reliance on third-party servers, and streamline user access. The EHEART application, leveraging Near Field Communication (NFC), provides a secure and seamless platform for user authentication by activating only when validated by an NFC ring. This approach reduces energy consumption and communication overhead while ensuring that only authenticated users gain access. The framework's two-tier architecture and identity-based encryption eliminate third-party server dependencies, enabling secure data transmission directly from mobile devices to e-health servers. The authentication protocol employs lightweight cryptographic techniques and formal security validation, showcasing resilience against common attacks such as replay and cloning. Results indicate that the proposed framework significantly improves data security and operational efficiency in mobile e-health systems. The use of a unique identity for each sensor node and elimination of passwords enhance security and usability. This passwordless solution contributes to advancing mobile e-health, offering a scalable and reliable approach that meets the constraints of healthcare environments while improving accessibility and protecting patient data.