A Novel Authentication and Key Agreement Scheme for Countering MITM and Impersonation Attack in Medical Facilities

  • Steve Olsen Maikol Faculty of Computer Science and Information Technology, Universiti Malaysia Sarawak
  • Adnan Shahid Khan Faculty of Computer Science and Information Technology, Universiti Malaysia Sarawak
  • Yasir Javed Prince Sultan University
  • Anderson Lau Anak Bunsu Faculty of Computer Science and Information Technology, Universiti Malaysia Sarawak
  • Chelsten Petrus Faculty of Computer Science and Information Technology, Universiti Malaysia Sarawak
  • Heindwick George Faculty of Computer Science and Information Technology, Universiti Malaysia Sarawak
  • Simon Jau Faculty of Computer Science and Information Technology, Universiti Malaysia Sarawak
Keywords: Authentication, security, ECC, ECDSA, Key Generation Scheme

Abstract

Authentication is used to enfold the privacy of the patient to implement security onto the communication between patients and service providers. Several types of research have proposed support for anonymity for contextual privacy in medical systems that are still vulnerable to impersonation attack and Man-in-the-middle attack. By using powerful technology that is used in medical facilities, it can help in building an advanced system. However, the same powerful tools can also be used by the attackers to gain personal profits and to cause chaos. The proposed countermeasure that is to be taken to prevent this kind of attacks is by implementing mutual authentication between users, their devices/mobile devices, and the system’s cloud server, and also a key agreement scheme together with the help of Elliptic Curve Cryptography (ECC). A novel authentication scheme which consists of two phases, a signature generation, and authentication process. The ECC implementation is to ensure that the keys are thoroughly secured and is not copy- able, together with a Key generation scheme that shields the system against impersonation attacks. The usage of Elliptic Curve Digital Signature Algorithm (ECDSA), in a signature generation, on the other hand, provides users more secure way to hide the user private key and bring additional security layer before proceeding to authentication phase due to the existence of extra elements of domain parameters. Authentication is still considered as a crucial component in maintaining the security of any critical facilities that require the CIA tried and non- repudiation as a need to maintain their data. It does not only apply to medical centers, but any organizations that possess valuable data that is needed to be protected also requires strong authentication protocols. Thus, the trend for the need of novel authentication protocols will keep on rising as technology gets fancier and fancier.

Downloads

Download data is not yet available.

Author Biographies

Adnan Shahid Khan, Faculty of Computer Science and Information Technology, Universiti Malaysia Sarawak

Adnan Shahid Khan is currently a Senior Lecturer at Faculty of Computer Science and Information Technology, Universiti Malaysia Sarawak. He has completed his Postdoctoral, Ph.D. and Masters in Networks in 2013, 2012, 2008 respectively from Universiti Technology Malaysia, Johor Bahru, Malaysia and BSc (Hons) Computer Sciences in 2005 from University of Punjab, Lahore Pakistan. His research interest includes Wireless Communication, Cloud computing, Internet of things, Software Defined Networking, Cryptography, Network and Information Security.

Yasir Javed, Prince Sultan University

Yasir Javed is a currently working as lecturer at Prince Sultan University, Riyadh. His research interest includes  Programming, Robotics, Drones, Vehicular Platoons, Secure Software development, Mobile Apps Security, Signal processing, IoT Analytics, Intelligent Applications, Statistics, data analytics, Forensics Analysis, big data and Predictive computing. He is also working as Research Engineer at RIOTU research group.  He has successfully completed various International and National Research funding projects and has served as Analyst programmer at Prince Megren Data Center, Center of Excellence and Research and initiative center at Prince Sultan University. 

Published
02-12-2020
How to Cite
Maikol, S. O., Khan, A. S., Javed, Y., Bunsu, A. L. A., Petrus, C., George, H., & Jau, S. (2020). A Novel Authentication and Key Agreement Scheme for Countering MITM and Impersonation Attack in Medical Facilities. International Journal of Integrated Engineering, 13(2), 127-135. Retrieved from https://publisher.uthm.edu.my/ojs/index.php/ijie/article/view/6641