Top

Published in:

01-06-2012 | ORIGINAL PAPER

Utilize Common Criteria Methodology for Secure Ubiquitous Healthcare Environment

Authors: Yao-Chang Yu, Ting-Wei Hou

Published in: Journal of Medical Systems | Issue 3/2012

Abstract

RFID technology is widely used in healthcare environments to ensure patient safety. Therefore, the testing of RFID tags, such as performance tests and security evaluations, is necessary to ensure inter-operational functional compatibility with standards. A survey of the literature shows that while standards that are around RFID performance tests have been addressed, but the same is not true for security evaluations. Therefore, in this paper, we introduce the Common Criteria security evaluation methodology, also known as ISO/IEC 15408, for the security evaluation of RFID tags and propose a framework as a minimal requirement for RFID tags to improve security assurance.

Roberts, C. M., Radio frequency identification (RFID). Comput Secur 25(1):18–26, 2006.CrossRef

Klaus, F., RFID handbook: fundamentals and applications in contactless smart cards and identification. Wiley, Second Edition, 2003.

Shim, H., Uh, Y., Lee, S. H., and Yoon, Y. R., A new specimen management system using RFID technology. Journal of Medical Systems, doi:10.1007/s10916-009-9417-z, Published online, Jan. 2010.

Rogers, A., Jones, E., and Oleynikov, D., Radio frequency identification (RFID) applied to surgical sponges. Surg Endosc 21:1235–1237, 2007.CrossRef

Della Vecchia, G., and Esposito, M., A pervasive system for nuclear medicine department. Wireless Pervasive Communications, doi:10.1007/s11277-009-9789-x, Published online, Jul. 2009.

Lai, C.-L., Chien, S.-W., Chang, L.-H., Chen, S.-C., Fang, K., Enhancing medication safety and healthcare for inpatients using RFID. Portland International Center for Management of Engineering Technology 2007, Proceedings on 7th PICMET 2007, pp. 2783–2790, Aug. 2007.

Yu, Y.-C., Should & how RFID system be evaluated against CC v3.1?. 8th International Common Criteria Conference, Sep, 2007.

ISO/IEC, 2006, Radio frequency Identification device performance test methods, ISO/IEC 18046:2006.

ISO/IEC, 2007, Radio frequency Identification device performance test methods—Part 3: Test methods for tag performance, ISO/IEC 18046-3:2007.

10.

ISO/IEC, 2006, Radio frequency Identification device performance test methods—part 2: test methods for air interface communication at 135 KHz, ISO/IEC TR 18047-2:2006.

11.

ISO/IEC, 2006, Radio frequency Identification device performance test methods—part 3: test methods for air interface communication at 13.56 MHz, ISO/IEC TR 18047-3:2006.

12.

ISO/IEC, 2006, Radio frequency Identification device performance test methods—part 4: test methods for air interface communication at 2.54 GHz, ISO/IEC TR 18047-4:2004.

13.

ISO/IEC, 2006, Radio frequency Identification device performance test methods—part 6: test methods for air interface communication at 860 MHz to 960 MHz, ISO/IEC TR 18047-6:2006.

14.

ISO/IEC, 2005, Radio frequency Identification device performance test methods—part 7: test methods for air interface communication at 433 MHz, ISO/IEC TR 18047-4:2004.

15.

Cugini, J., The common criteria: On the road to international harmonization. Comput Stand Interfaces 17(4):315–320, 1995.CrossRef

16.

ISO/IEC, 2005, Common Criteria for Information Technology Security Evaluation—Part 1: Introduction and general model, ISO/IEC 15408:2005.

17.

ISO/IEC, 2005, Common Criteria for Information Technology Security Evaluation—Part 2: Security Functional Requirements, ISO/IEC 15408:2005.

18.

ISO/IEC, 2005, Common Criteria for Information Technology Security Evaluation—Part 3: Security Assurance Requirements, ISO/IEC 15408:2005.

19.

Weis, S. A., Sarma, S. E., Rivest, R. L., and Engels, D. W., Security and privacy aspects of low-cost radio frequency identification systems. Secur Pervasive Comput 2802:201–212, 2004.CrossRef

20.

Chien, H.-Y., and Chen, C.-H., Mutual authentication protocol for RFID conforming to EPC Class-1 generation 2 Standard. Comput Stand Interface 29(2):254–259, 2007.MathSciNetCrossRef

21.

EPC™ Radio-Frequency Identity Protocols Class-1 Generation-2 UHF RFID Protocol for Communications at 860 MHz–960 MHz Version 1.0.9. EPCglobal Inc, 2005

22.

The EPCglobal Architecture Framework Version 1.2, EPCglobal Inc, Sep, 2007

23.

EPCglobal Certificate Profile Version 1.0.1, EPCglobal Inc, May, 2008.

24.

EPC Information Services (EPCIS) Version 1.0.1, EPCglobal Inc, Sep, 2007.

25.

Low Level Reader Protocol (LLRP), Version 1.0.1, EPCglobal Inc, Aug, 2007

26.

Reader Protocol Standard, Version 1.1, EPCglobal Inc, Jun, 2006.

27.

Cynthia, F., Information assurance technology framework, release 3.1. National Security Agency, Sep., 2002.

28.

Farn, K.-J., Lin, S.-K., and Lo, C.-C., A study on e-Taiwan information system, security classification and implementation. Comput Stand Interface 30(1–2):1–7, 2008.CrossRef

Title: Utilize Common Criteria Methodology for Secure Ubiquitous Healthcare Environment
Authors: Yao-Chang Yu
Ting-Wei Hou
Publication date: 01-06-2012
Publisher: Springer US
Published in: Journal of Medical Systems / Issue 3/2012
Print ISSN: 0148-5598
Electronic ISSN: 1573-689X
DOI: https://doi.org/10.1007/s10916-010-9629-2

At a glance: The STEP trials

Springer Medicine

Utilize Common Criteria Methodology for Secure Ubiquitous Healthcare Environment

Abstract

At a glance: The STEP trials

Springer Medicine

Abstract

Please log in to get access to this content

Other articles of this Issue 3/2012

A Novel Web-enabled Healthcare Solution on HealthVault System

An Approach to Model Right Iliac Fossa Pain Using Pain-Only-Parameters for Screening Acute Appendicitis

Design and Development of EMR Supporting Medical Process Management

Integration of Footprints Information Systems in Palliative Care: The Case of Medical Center of Central Georgia

Intelligent Postoperative Morbidity Prediction of Heart Disease Using Artificial Intelligence Techniques

Progressive Visualization of Losslessly Compressed DICOM Files Over the Internet