Top

Published in:

01-12-2012 | Original Paper

On the Designing of a Tamper Resistant Prescription RFID Access Control System

Authors: Masoumeh Safkhani, Nasour Bagheri, Majid Naderi

Published in: Journal of Medical Systems | Issue 6/2012

Abstract

Recently, Chen et al. have proposed a novel tamper resistant prescription RFID access control system, published in the Journal of Medical Systems. In this paper we consider the security of the proposed protocol and identify some existing weaknesses. The main attack is a reader impersonation attack which allows an active adversary to impersonate a legitimate doctor, e.g. the patient’s doctor, to access the patient’s tag and change the patient prescription. The presented attack is quite efficient. To impersonate a doctor, the adversary should eavesdrop one session between the doctor and the patient’s tag and then she can impersonate the doctor with the success probability of ‘1’. In addition, we present efficient reader-tag to back-end database impersonation, de-synchronization and traceability attacks against the protocol. Finally, we propose an improved version of protocol which is more efficient compared to the original protocol while provides the desired security against the presented attacks.

Bogdanov, A., Knudsen, L. R., Leander, G., Paar, C., Poschmann, A., Robshaw, M. J. B., Seurin, Y., and Vikkelsoe, C., PRESENT: An Ultra-Lightweight Block Cipher. In: CHES, pp. 450–466, 2007.

Boyer, S. T., WANURSES, New Tamper Resistant Prescription Pad Law, Nursing Practice Blog. http://www.wsnaweb.org/nursing-practice-update/index.php/2009/09/new-tamper-resistant-prescription-pad-law/, 2009.

Chen, Y.-Y., Huang, D.-C., Tsai, M.-L., and Jan, J.-K., A design of tamper resistant prescription RFID access control system. J. Med. Syst. 35:1–7, 2011. doi:10.1007/s10916-011-958-2.CrossRef

Chien, H.-Y., Yang, C.-C., Wu, T.-C., and Lee, C.-F., Two RFID-based solutions to enhance inpatient medication safety. J. Med. Syst. 35:369–375, 2011.CrossRef

Phan R. C.-W., Cryptanalysis of a new ultralightweight RFID Authentication protocol—SASI. IEEE Trans. Dep. Sec. Comp. 6(4):316–320, 2009.CrossRef

Feldhofer, M., and Rechberger, C., A case against currently used hash functions in RFID protocols. In: OTM 2006, volume 4277 of Lecture Notes in Computer Science, pp. 372–381. Springer, 2006.

Fisher, J. A., and Monahan, T., Tracking the social dimensions of RFID systems in hospitals. Int. J. Med. Inform. 77(3):176–183, 2008.CrossRef

Wamba, S. F., RFID-enabled healthcare applications, issues and benefits: An archival analysis (1997–2011). J. Med. Syst. 1–6, 2012. doi:10.1007/s10916-011-9807-x.

Huang, H.-H., and Ku, C.-Y., An RFID grouping proof protocol for medication safety of inpatient. J. Med. Syst. 33:467–474, 2009.CrossRef

10.

Ivetic, D., and Dragan, D., Medical image on the go! J. Med. Syst. 35:499–516, 2011.CrossRef

11.

Min, D., and Yih, Y., Fuzzy logic-based approach to detecting a passive RFID tag in an outpatient clinic. J. Med. Syst. 35:423–432, 2011.CrossRef

12.

Ngai, E. W., Poon, J. K., Suk, F. F., and Ng, C. C., Design of an RFID-based healthcare management system using an information system design theory. Inf. Syst. Front. 11(4):405–417, 2009.CrossRef

13.

Østbye, T., Lobach, D. F., Cheesborough, D., Lee, A. M. M., Krause, K. M., Hasselblad, V., and Bright, D., Evaluation of an infrared/radio frequency equipment-tracking system in a tertiary care hospital. J. Med. Syst. 27:367–380, 2003.CrossRef

14.

Peris-Lopeza, P., Orfila, A., Mitrokotsa, A., and van der Lubbe, J. C., A comprehensive RFID solution to enhance inpatient medication safety. Int. J. Med. Inform. 80(1):13–24, 2011.CrossRef

15.

Safkhani, M., Bagheri, N., Sanadhya, S. K., Naderi, M., and Behnam, H., On the security of mutual authentication protocols for RFID systems: The case of Wei et al.’s protocol. In: Garcia-Alfaro, J. et al. (Eds.), volume 7122 of Lecture Notes in Computer Science, pp. 90–103. Springer, 2011.

16.

Stahl, J., Holt, J., and Gagliano, N., Understanding performance and behavior of tightly coupled outpatient systems using RFID: Initial experience. J. Med. Syst. 35:291–297, 2011.CrossRef

17.

Sun, P., Wang, B., and Wu, F., A new method to guard inpatient medication safety by the implementation of RFID. J. Med. Syst. 32:327–332, 2008.CrossRef

18.

Ting, S., Kwok, S., Tsang, A., and Lee, W., Critical elements and lessons learnt from the implementation of an RFID-enabled healthcare management system in a medical organization. J. Med. Syst. 35:657–669, 2011.CrossRef

19.

Wang, S.-W., Chen, W.-H., Ong, C.-S., Liu, L., and Chuang, Y.-W., RFID applications in hospitals: A case study on a demonstration RFID project in a Taiwan hospital. In: Proceedings of The 39th Hawaii International Conference on System Sciences, 2006.

20.

Wickboldt, A.-K., and Piramuthu, S., Patient safety through RFID: Vulnerabilities in recently proposed grouping protocols. J. Med. Syst. 36(2):431–435, 2012.CrossRef

21.

Tamper Resistant Prescription Drug Pad Program. Newfoundland labrador, Department of Health and Community Services. http://www.health.gov.nl.ca/health/prescription/hcp_tamperresistantdrugpad.html, 2006.

Title: On the Designing of a Tamper Resistant Prescription RFID Access Control System
Authors: Masoumeh Safkhani
Nasour Bagheri
Majid Naderi
Publication date: 01-12-2012
Publisher: Springer US
Published in: Journal of Medical Systems / Issue 6/2012
Print ISSN: 0148-5598
Electronic ISSN: 1573-689X
DOI: https://doi.org/10.1007/s10916-012-9872-9

Keynote webinar | Spotlight on medication adherence

Springer Medicine

On the Designing of a Tamper Resistant Prescription RFID Access Control System

Abstract

Keynote webinar | Spotlight on medication adherence

Springer Medicine

Abstract

Please log in to get access to this content

Other articles of this Issue 6/2012

Family Physicians’ Perceptions and Use of Electronic Clinical Decision Support During the First Year of Implementation

Physicians’ Views and Assessments on Picture Archiving and Communication Systems (PACS) in Two Turkish Public Hospitals

Computer Aided Diagnosis System for Breast Cancer Based on Color Doppler Flow Imaging

An Efficient Authentication Scheme for Telecare Medicine Information Systems

Unified Performance Evaluation of Health Centers with Integrated Model of Data Envelopment Analysis and Bargaining Game

Applied Patent RFID Systems for Building Reacting HEPA Air Ventilation System in Hospital Operation Rooms