Securing the Communication of Medical Information Using Local Biometric Authentication and Commercial Wireless Links

V. I. Ivanov, P. L. Yu and J. S. Baras

Health Informatics Journal, Volume 16, Number 3, pp. 211-223, September 2010.

Abstract

Medical information is extremely sensitive in nature – a compromise, such as eavesdropping or tampering by a malicious third party, may result in identity theft, incorrect diagnosis and treatment, and even death. Therefore, it is important to secure the transfer of medical information from the patient to the recording system. We consider a portable, wireless device transferring medical information to a remote server. We decompose this problem into two sub-problems and propose security solutions to each of them:
(1) to secure the link between the patient and the portable device, and
(2) to secure the link between the portable device and the network. Thus we push the limits of the network security to the edge by authenticating the user using their biometric information; authenticating the device to the network at the physical layer; and strengthening the security of the wireless link with a key exchange mechanism. The proposed authentication methods can be used for recording the readings of medical data in a central database and for accessing medical records in various settings.