Strengthening E-Health Security: Authentication Analysis Through Formal Methods
摘要
This chapter introduces and analyzes a secure, passwordless authentication framework for mobile e-health systems, with a focus on protecting sensitive patient data against common security threats. By moving away from traditional password-based methods, the research addresses vulnerabilities inherent in such systems, which are particularly challenging in the context of healthcare. The framework leverages unique identity-based encryption and a secure boot process that integrates Near Field Communication (NFC) technology to authenticate e-health sensor nodes, enhancing both security and user experience. The study utilizes formal methods, specifically the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool, to validate the proposed protocol. This approach enables a thorough assessment of the protocol’s robustness against attacks such as replay and node cloning. Through simulations, the protocol demonstrates resilience, confirming that unauthorized entities are effectively prevented from accessing the e-health network. The identity-based encryption scheme reduces memory consumption by up to 65%, while also optimizing energy usage, which is critical for resource-limited mobile e-health devices. Results from AVISPA simulations show that the authentication protocol can secure mobile e-health communications by safeguarding patient data without relying on third-party servers. The protocol’s lightweight design minimizes computational overhead, making it suitable for real-time healthcare applications. Additionally, this chapter identifies areas for further research, such as refining the protocol for deployment in diverse healthcare settings and evaluating it in real-world environments. The findings contribute significantly to the advancement of secure mobile e-health systems, offering a practical solution that aligns with the demands of modern healthcare. This research lays a foundation for developing more sophisticated, resilient e-health authentication protocols, thereby supporting the growing adoption of digital healthcare technologies while prioritizing patient privacy and data security.