Chapter 5:

One of the more difficult areas of privacy to maintain is information privacy. Keeping patient information anonymized or unlinked while still having a usable system takes extreme care and effort. The major concern for information privacy is the inappropriate use of access, and the collaborative use of access, to compromise patient privacy. Clinicians who can see one patient in most patient systems can usually see all of the patients in the system. This can lead to a clinician searching for and breaching the privacy of patients that the clinician is not treating. Sun, et al. [49] attempt to preserve information privacy during emergency response situations with wireless body sensor networks. The scheme presented protects patient information from undesired breaches of privacy after access has been given to the emergency medical technician (EMT). The EMT needs access to the immediate (based on a time period) and relevant clinical information of the patient but does not need as much historical information or other non-emergency information. The scheme relies on the unlinkability of information in the systems that store the medical data, which makes the data anonymous.

The patient PDA is initially registered with a central credential authority, where the patient obtains an anonymous credential for future authentication with the remote server. The PDA stores the monitored medical data collected in each time period under an unlinkable sequence number that the EMT cannot link to the medical data collected in other time periods unless authorized by the patient. When the PDA detects a possible emergency from abnormal signals from the body sensors, it contacts the primary physician, who evaluates the situation and requests emergency services if required. The EMT that responds demands the necessary medical data from the PDA, which may accept only a reasonable date range for the request. The PDA then gives the EMT the identifiers needed to gain access to the requested data. The identifiers given cannot be used to retrieve other patient information and cannot be linked to other data on the patient.

The data storage on the remote server that both the patient and the EMT use requires the patient PDA to follow a preparation phase on the data to create the unlinkability. The PDA selects a random secret seed (RSS) as input to a pseudorandom number generator (PRNG). The PRNG generates pseudorandom serial numbers (s_1 … s_n), one for each update period (3-5 days) of clinical data. The PDA then computes a tag for each serial number as its hash, t_i = h(s_i). Those tags are sent to the server with the medical data and are used to identify the data to the EMT. When the EMT requests access to the data, the PDA uses the RSS to regenerate the serial numbers, and then the tags, for the desired and approved periods only. The tags are sent to the EMT, who can use them to retrieve the desired data. The EMT is unable to derive any other tags related to the patient from the tags given, which demonstrates the unlinkability, yet the EMT can still gain access to the data required to properly handle the medical emergency.
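The preparation and release phases described above, as an added example that is not code from the thesis or from Sun, et al.: the PRNG is instantiated as HMAC-SHA256 keyed by the RSS with the period index as input, h is SHA-256, and the "reasonable date range" bound of three periods is an assumed policy, since the page names none of these specifics.

```python
import hmac
import hashlib
import secrets
from typing import Dict, List

def gen_serial(rss: bytes, i: int) -> bytes:
    """PRNG step: serial s_i for update period i, derived from the random
    secret seed (RSS). HMAC-SHA256 keyed by the RSS is an assumed
    instantiation; the scheme only requires 'a PRNG'."""
    return hmac.new(rss, i.to_bytes(4, "big"), hashlib.sha256).digest()

def tag_of(serial: bytes) -> bytes:
    """t_i = h(s_i); SHA-256 is assumed as h. A tag reveals nothing about
    the serial behind it, so holding some tags does not yield the others."""
    return hashlib.sha256(serial).digest()

class PDA:
    MAX_PERIODS = 3  # assumed bound on what counts as a "reasonable" request

    def __init__(self) -> None:
        self.rss = secrets.token_bytes(32)  # random secret seed, never leaves the PDA

    def prepare(self, period_data: List[bytes]) -> Dict[bytes, bytes]:
        """Preparation phase: each period's data is uploaded under its tag only."""
        return {tag_of(gen_serial(self.rss, i)): d for i, d in enumerate(period_data)}

    def authorize(self, first: int, last: int) -> List[bytes]:
        """Release the tags for the approved periods; reject unreasonable ranges."""
        if first < 0 or last < first or last - first + 1 > self.MAX_PERIODS:
            raise ValueError("requested date range is not reasonable")
        return [tag_of(gen_serial(self.rss, i)) for i in range(first, last + 1)]

class RemoteServer:
    """Stores records keyed by tag; it never sees serials or the RSS."""
    def __init__(self, store: Dict[bytes, bytes]) -> None:
        self.store = store

    def fetch(self, tags: List[bytes]) -> List[bytes]:
        return [self.store[t] for t in tags if t in self.store]

def emergency_flow(periods: int, first: int, last: int) -> List[bytes]:
    """Constructed end-to-end run: the PDA stores `periods` periods of data,
    the EMT is granted periods first..last and retrieves exactly those."""
    pda = PDA()
    data = [f"vitals period {i}".encode() for i in range(periods)]  # constructed sample
    server = RemoteServer(pda.prepare(data))
    return server.fetch(pda.authorize(first, last))
```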

Chapter 6

CONCLUDING REMARKS AND FUTURE WORK

The application of wireless communication to the medical field will have many beneficial and far-reaching impacts on the way healthcare is delivered. The legislated requirements relating to the handling of clinical and personal information require that security be at the core of any system developed for a clinical application. HIPAA in the United States of America and PIPEDA in Canada are two examples of government legislation that have a direct impact on the way that health and personal information can be collected and transmitted. The major issues are the confidentiality and integrity of the information collected and transmitted, which require a strong method of authentication and key agreement. To address these privacy and legislated issues, authentication, key agreement, encryption, and integrity hashing are required technologies that need to be implemented in any Medical Wireless Sensor Network.

The existing wireless authentication frameworks are investigated; these networks are currently deployed, have undergone extensive testing and have withstood a great number of real-world attacks. The authentication in WEP, WPA and WPA2 is discussed, showing the problems that existed in the older protocols and how they were overcome by the next generation of technology and protocols. The weaknesses in WEP are not related to the encryption algorithm itself but to the way the protocol implementation uses it. We also investigate the mobile wireless network protocols, showing the different evolutionary constraints on the systems that are deployed and developed. A major issue with the integration of the GSM and UMTS security protocols is revealed, and two solutions are proposed showing how to increase the security by using simple hashing techniques.

The information gained from examining the existing wireless protocols gave a foundation for the protocols designed in this thesis. The protocols are designed to achieve mutual authentication and key agreement for secure communication between the smart control node, clinical server and sensor nodes using a minimal number of messages. The protocols also avoid public key encryption because of the additional processing and resources required to implement public key protocols. The protocols are analyzed using BAN logic, showing that they are secure and achieve the desired result of mutual authentication and key agreement.

Other aspects of privacy are then investigated, together with possible methods of addressing the privacy issues. Location privacy is of large concern and will need to be addressed; the MIST and TOR protocols meet some of the needs of location privacy. The issues of identification and information privacy are also discussed, with an overview of possible solutions to address those problems.

The protocol developed is an excellent foundation for the implementation of wireless sensors for healthcare. This thesis addresses the legal requirements of privacy required by both Canada and the United States. The protocols developed will allow for the application of sensors to many different areas of clinical telemetry.