Picazo-Sanchez Pablo, Bagheri Nasour, Peris-Lopez Pedro, Tapiador Juan E
Department of Applied Mathematics, University School of Computer Science (UPM) of Madrid, Madrid, Spain,
J Med Syst. 2013 Oct;37(5):9962. doi: 10.1007/s10916-013-9962-3. Epub 2013 Aug 16.
Radio Frequency Identification (RFID) systems are widely used in access control, transportation, real-time inventory and asset management, automated payment systems, etc. Nevertheless, the use of this technology is almost unexplored in healthcare environments, where potential applications include patient monitoring, asset traceability and drug administration systems, to mention just a few. RFID technology can offer more intelligent systems and applications, but privacy and security issues have to be addressed before its adoption. This is even more dramatic in healthcare applications, where very sensitive information is at stake and patient safety is paramount. Wu et al. (J. Med. Syst. 37:19, 43) recently proposed a new RFID authentication protocol for healthcare environments. In this paper we show that this protocol puts the location privacy of tag holders at risk, which is a matter of the gravest concern and ruins the security of this proposal. To facilitate the implementation of secure RFID-based solutions in the medical sector, we suggest two new applications (authentication and secure messaging) and propose solutions that, in contrast to previous proposals in this field, are fully based on ISO Standards and NIST Security Recommendations.