Displaying publications 61 - 80 of 88 in total

Abstract:
Sort:
  1. Fulltext Trusted computing strengthens cloud authentication
    Ghazizadeh E, Zamani M, Ab Manan JL, Alizadeh M
    ScientificWorldJournal, 2014;2014:260187.
    PMID: 24701149 DOI: 10.1155/2014/260187
    Cloud computing is a new generation of technology which is designed to provide the commercial necessities, solve the IT management issues, and run the appropriate applications. Another entry on the list of cloud functions which has been handled internally is Identity Access Management (IAM). Companies encounter IAM as security challenges while adopting more technologies became apparent. Trust Multi-tenancy and trusted computing based on a Trusted Platform Module (TPM) are great technologies for solving the trust and security concerns in the cloud identity environment. Single sign-on (SSO) and OpenID have been released to solve security and privacy problems for cloud identity. This paper proposes the use of trusted computing, Federated Identity Management, and OpenID Web SSO to solve identity theft in the cloud. Besides, this proposed model has been simulated in .Net environment. Security analyzing, simulation, and BLP confidential model are three ways to evaluate and analyze our proposed model.
    Matched MeSH terms: Computer Security/standards*; Computer Security/trends
  2. Fulltext Seluge++: a secure over-the-air programming scheme in wireless sensor networks
    Doroodgar F, Abdur Razzaque M, Isnin IF
    Sensors (Basel), 2014;14(3):5004-40.
    PMID: 24618781 DOI: 10.3390/s140305004
    Over-the-air dissemination of code updates in wireless sensor networks have been researchers' point of interest in the last few years, and, more importantly, security challenges toward the remote propagation of code updating have occupied the majority of efforts in this context. Many security models have been proposed to establish a balance between the energy consumption and security strength, having their concentration on the constrained nature of wireless sensor network (WSN) nodes. For authentication purposes, most of them have used a Merkle hash tree to avoid using multiple public cryptography operations. These models mostly have assumed an environment in which security has to be at a standard level. Therefore, they have not investigated the tree structure for mission-critical situations in which security has to be at the maximum possible level (e.g., military applications, healthcare). Considering this, we investigate existing security models used in over-the-air dissemination of code updates for possible vulnerabilities, and then, we provide a set of countermeasures, correspondingly named Security Model Requirements. Based on the investigation, we concentrate on Seluge, one of the existing over-the-air programming schemes, and we propose an improved version of it, named Seluge++, which complies with the Security Model Requirements and replaces the use of the inefficient Merkle tree with a novel method. Analytical and simulation results show the improvements in Seluge++ compared to Seluge.
    Matched MeSH terms: Computer Security
  3. Fulltext Can dynamic consent facilitate the protection of biomedical big data in biobanking in Malaysia?
    Abdul Aziz MF, Mohd Yusof AN
    Asian Bioeth Rev, 2019 Jun;11(2):209-222.
    PMID: 33717312 DOI: 10.1007/s41649-019-00086-2
    As with many other countries, Malaysia is also developing and promoting biomedical research to increase the understanding of human diseases and possible interventions. To facilitate this development, there is a significant growth of biobanks in the country to ensure continuous collection of biological samples for future research, which contain extremely important personal information and health data of the participants involved. Given the vast amount of samples and data accumulated by biobanks, they can be considered as reservoirs of precious biomedical big data. It is therefore imperative for biobanks to have in place regulatory measures to ensure ethical use of the biomedical big data. Malaysia has yet to introduce specific legislation for the field of biobanking. However, it can be argued that its existing Personal Data Protection Act 2010 (PDPA) has laid down legal principles that can be enforced to protect biomedical big data generated by the biobanks. Consent is a mechanism to enable data subjects to exercise their autonomy by determining how their data can be used and ensure compliance with legal principles. However, there are two main concerns surrounding the current practice of consent in biomedical big data in Malaysia. First, it is uncertain that the current practice would be able to respect the underlying notion of autonomy, and second, it is not in accordance with the legal principles of the PDPA. Scholars have deliberated on different strategies of informed consent, and a more interactive approach has recently been introduced: dynamic consent. It is argued that a dynamic consent approach would be able to address these concerns.
    Matched MeSH terms: Computer Security
  4. Fulltext Cloud Security Pre-assessment Model For Cloud Service Provider Based On ISO/IEC 27017:2015 Additional Control
    Nur Ahada Kamaruddin, Ibrahim Mohamed, Ahmad Dahari Jarno, Maslina Daud
    International Journal of Innovation and Industrial Revolution, 2020;2(5):1-17.
    MyJurnal
    Cloud computing technology has succeeded in attracting the interest of both academics and industries because of its ability to provide flexible, cost-effective, and adaptable services in IT solution deployment. The services offered to Cloud Service Subscriber (CSS) are based on the concept of on-demand self-service, scalability, and rapid elasticity, which allows fast deployment of IT solutions, whilst leads to possible misconfiguration, un-patched system, etc. which, allows security threats to compromise the cloud services operations. From the viewpoint of Cloud Service Provider (CSP), incidents such as data loss and information breach, will tarnish their reputations, whilst allow them to conserve the issues internally, in which there is no transparency between CSP and CSS. In the aspects of information security, CSP is encouraged to practice cybersecurity in their cloud services by adopting ISO/IEC27017:2015 inclusive of all additional security controls as mandatory requirements. This study was conducted to identify factors that are influencing the CSP readiness level in the cybersecurity implementation of their cloud services by leveraging the developed pre-assessment model to determine the level of cloud security readiness. Approached the study is based on the combination of qualitative and quantitative assessment method in validating the proposed model through interview and prototype testing. The findings of this study had shown that factors that influence the CSP level of cloud security readiness are based on these domains; technology, organisation, policy, stakeholders, culture, knowledge, and environment. The contribution of the study as a Pre-Assessment Model for CSP which is suitable to be used as a guideline to provide a safer cloud computing environment.
    Matched MeSH terms: Computer Security
  5. Fulltext Review of cyber security applications in nuclear power plants
    Muhammad Adil Khattak, Muhammad Khairy Harmaini Shaharuddin, Muhammad Saiful Islam Haris, Muhammad Zuhaili Mohammad Aminuddin, Nik Mohamad Amirul Nik Azhar, Nik Muhammad Hakimi Nik Ahmad
    Journal of Advanced Research in Applied Sciences and Engineering Technology, 2017;7(1):43-54.
    MyJurnal
    It is essential to ensure the nuclear power plant system are not compromise and avoid
    failure that can result in significant economic loss and physical damage to the public.
    However, a very little attention was given to software and cybersecurity hazard. This
    review paper discusses about the cybersecurity in nuclear power plant, history of
    accident, implementation and future plan on cybersecurity deeply. About 51 published
    studies (2006-2017) are reviewed in this paper. It is marked from the literature survey
    articles that it is important for the cybersecurity of a nuclear power plant to be at par
    with the evolution of hardware and software and to counter the increasing risk on
    cyber vulnerabilities. Moreover, it should be addressed as a concern and major priority
    for researches and policy-makers.
    Matched MeSH terms: Computer Security
  6. Fulltext Determinants of the willingness to participate in biobanking among Malaysian stakeholders in the Klang Valley
    Amin L, Hashim H, Mahadi Z, Ismail K
    BMC Med Res Methodol, 2018 12 05;18(1):163.
    PMID: 30518344 DOI: 10.1186/s12874-018-0619-2
    BACKGROUND: The demand in biobanking for the collection and maintenance of biological specimens and personal data from civilians to improve the prevention, diagnosis and treatment of diseases has increased notably. Despite the advancement, certain issues, specifically those related to privacy and data protection, have been critically discussed. The purposes of this study are to assess the willingness of stakeholders to participate in biobanking and to determine its predictors.

    METHODS: A survey of 469 respondents from various stakeholder groups in the Klang Valley region of Malaysia was carried out. Based on previous research, a multi-dimensional instrument measuring willingness to participate in biobanking, and its predictors, was constructed and validated. A single step Structural Equation Modelling was performed to analyse the measurements and structural model using the International Business Machines Corporation Software Package for Social Sciences, Analysis of Moment Structures (IBM SPSS Amos) version 20 with a maximum likelihood function.

    RESULTS: Malaysian stakeholders in the Klang Valley were found to be cautious of biobanks. Although they perceived the biobanks as moderately beneficial (mean score of 4.65) and were moderately willing to participate in biobanking (mean score of 4.10), they professed moderate concern about data and specimen protection issues (mean score of 4.33). Willingness to participate in biobanking was predominantly determined by four direct predictors: specific application-linked perceptions of their benefits (β = 0.35, p 
    Matched MeSH terms: Computer Security
  7. Fulltext Clone tag detection in distributed RFID systems
    Kamaludin H, Mahdin H, Abawajy JH
    PLoS One, 2018;13(3):e0193951.
    PMID: 29565982 DOI: 10.1371/journal.pone.0193951
    Although Radio Frequency Identification (RFID) is poised to displace barcodes, security vulnerabilities pose serious challenges for global adoption of the RFID technology. Specifically, RFID tags are prone to basic cloning and counterfeiting security attacks. A successful cloning of the RFID tags in many commercial applications can lead to many serious problems such as financial losses, brand damage, safety and health of the public. With many industries such as pharmaceutical and businesses deploying RFID technology with a variety of products, it is important to tackle RFID tag cloning problem and improve the resistance of the RFID systems. To this end, we propose an approach for detecting cloned RFID tags in RFID systems with high detection accuracy and minimal overhead thus overcoming practical challenges in existing approaches. The proposed approach is based on consistency of dual hash collisions and modified count-min sketch vector. We evaluated the proposed approach through extensive experiments and compared it with existing baseline approaches in terms of execution time and detection accuracy under varying RFID tag cloning ratio. The results of the experiments show that the proposed approach outperforms the baseline approaches in cloned RFID tag detection accuracy.
    Matched MeSH terms: Computer Security
  8. Fulltext Secured and Privacy-Preserving Multi-Authority Access Control System for Cloud-Based Healthcare Data Sharing
    Gupta R, Kanungo P, Dagdee N, Madhu G, Sahoo KS, Jhanjhi NZ, et al.
    Sensors (Basel), 2023 Feb 27;23(5).
    PMID: 36904822 DOI: 10.3390/s23052617
    With continuous advancements in Internet technology and the increased use of cryptographic techniques, the cloud has become the obvious choice for data sharing. Generally, the data are outsourced to cloud storage servers in encrypted form. Access control methods can be used on encrypted outsourced data to facilitate and regulate access. Multi-authority attribute-based encryption is a propitious technique to control who can access encrypted data in inter-domain applications such as sharing data between organizations, sharing data in healthcare, etc. The data owner may require the flexibility to share the data with known and unknown users. The known or closed-domain users may be internal employees of the organization, and unknown or open-domain users may be outside agencies, third-party users, etc. In the case of closed-domain users, the data owner becomes the key issuing authority, and in the case of open-domain users, various established attribute authorities perform the task of key issuance. Privacy preservation is also a crucial requirement in cloud-based data-sharing systems. This work proposes the SP-MAACS scheme, a secure and privacy-preserving multi-authority access control system for cloud-based healthcare data sharing. Both open and closed domain users are considered, and policy privacy is ensured by only disclosing the names of policy attributes. The values of the attributes are kept hidden. Characteristic comparison with similar existing schemes shows that our scheme simultaneously provides features such as multi-authority setting, expressive and flexible access policy structure, privacy preservation, and scalability. The performance analysis carried out by us shows that the decryption cost is reasonable enough. Furthermore, the scheme is demonstrated to be adaptively secure under the standard model.
    Matched MeSH terms: Computer Security
  9. Fulltext A chaotic cryptosystem for images based on Henon and Arnold cat map
    Soleymani A, Nordin MJ, Sundararajan E
    ScientificWorldJournal, 2014;2014:536930.
    PMID: 25258724 DOI: 10.1155/2014/536930
    The rapid evolution of imaging and communication technologies has transformed images into a widespread data type. Different types of data, such as personal medical information, official correspondence, or governmental and military documents, are saved and transmitted in the form of images over public networks. Hence, a fast and secure cryptosystem is needed for high-resolution images. In this paper, a novel encryption scheme is presented for securing images based on Arnold cat and Henon chaotic maps. The scheme uses Arnold cat map for bit- and pixel-level permutations on plain and secret images, while Henon map creates secret images and specific parameters for the permutations. Both the encryption and decryption processes are explained, formulated, and graphically presented. The results of security analysis of five different images demonstrate the strength of the proposed cryptosystem against statistical, brute force and differential attacks. The evaluated running time for both encryption and decryption processes guarantee that the cryptosystem can work effectively in real-time applications.
    Matched MeSH terms: Computer Security*
  10. Evaluation of medical image watermarking with tamper detection and recovery (AW-TDR)
    Zain JM, Fauzi AR
    Annu Int Conf IEEE Eng Med Biol Soc, 2007;2007:5662-5.
    PMID: 18003297
    This paper will study and evaluate watermarking technique by Zain and Fauzi [1]. Recommendations will then be made to enhance the technique especially in the aspect of recovery or reconstruction rate for medical images. A proposal will also be made for a better distribution of watermark to minimize the distortion of the Region of Interest (ROI). The final proposal will enhance AW-TDR in three aspects; firstly the image quality in the ROI will be improved as the maximum change is only 2 bits in every 4 pixels, or embedding rate of 0.5 bits/pixel. Secondly the recovery rate will also be better since the recovery bits are located outside the region of interest. The disadvantage in this is that, only manipulation done in the ROI will be detected. Thirdly the quality of the reconstructed image will be enhanced since the average of 2 x 2 pixels would be used to reconstruct the tampered image.
    Matched MeSH terms: Computer Security*
  11. Random multispace quantization as an analytic mechanism for BioHashing of biometric and random identity inputs
    Teoh AB, Goh A, Ngo DC
    IEEE Trans Pattern Anal Mach Intell, 2006 Dec;28(12):1892-901.
    PMID: 17108365
    Biometric analysis for identity verification is becoming a widespread reality. Such implementations necessitate large-scale capture and storage of biometric data, which raises serious issues in terms of data privacy and (if such data is compromised) identity theft. These problems stem from the essential permanence of biometric data, which (unlike secret passwords or physical tokens) cannot be refreshed or reissued if compromised. Our previously presented biometric-hash framework prescribes the integration of external (password or token-derived) randomness with user-specific biometrics, resulting in bitstring outputs with security characteristics (i.e., noninvertibility) comparable to cryptographic ciphers or hashes. The resultant BioHashes are hence cancellable, i.e., straightforwardly revoked and reissued (via refreshed password or reissued token) if compromised. BioHashing furthermore enhances recognition effectiveness, which is explained in this paper as arising from the Random Multispace Quantization (RMQ) of biometric and external random inputs.
    Matched MeSH terms: Computer Security*
  12. The Malaysian Telehealth Flagship Application: a national approach to health data protection and utilisation and consumer rights
    Mohan J, Razali Raja Yaacob R
    Int J Med Inform, 2004 Mar 31;73(3):217-27.
    PMID: 15066550
    Telehealth refers to the integration of information, telecommunication, human-machine interface technologies and health technologies to deliver health care, to promote the heath status of the people and to create health. The Malaysian Telehealth Application will, on completion, provide every resident of the country an electronic Lifetime Health Record (LHR) and Lifetime Health Plan (LHP). He or she will also hold a smart card that will contain a subset of the data in the Lifetime Health Record. These will be the means by which Malaysians will receive "seamless continuous quality care" across a range of health facilities and health care providers, and by which Malaysia's health goal of a nation of "healthy individuals, families and communities" is achieved. The challenges to security and privacy in providing access to an electronic Lifetime Health Record at private and government health facilities and to the electronic Lifetime Health Plan at homes of consumers require not only technical mechanisms but also national policies and practices addressing threats while facilitating access to health data during health encounters in different care settings. Organisational policies establish the goals that technical mechanisms serve. They should outline appropriate uses and access to information, create mechanisms for preventing and detecting violations, and set sanctions for violations. Some interesting innovations have been used to address these issues against the background of the launching of the multimedia supercorridor (MSC) in Malaysia.
    Matched MeSH terms: Computer Security*
  13. Root Exploit Detection and Features Optimization: Mobile Device and Blockchain Based Medical Data Management
    Firdaus A, Anuar NB, Razak MFA, Hashem IAT, Bachok S, Sangaiah AK
    J Med Syst, 2018 May 04;42(6):112.
    PMID: 29728780 DOI: 10.1007/s10916-018-0966-x
    The increasing demand for Android mobile devices and blockchain has motivated malware creators to develop mobile malware to compromise the blockchain. Although the blockchain is secure, attackers have managed to gain access into the blockchain as legal users, thereby comprising important and crucial information. Examples of mobile malware include root exploit, botnets, and Trojans and root exploit is one of the most dangerous malware. It compromises the operating system kernel in order to gain root privileges which are then used by attackers to bypass the security mechanisms, to gain complete control of the operating system, to install other possible types of malware to the devices, and finally, to steal victims' private keys linked to the blockchain. For the purpose of maximizing the security of the blockchain-based medical data management (BMDM), it is crucial to investigate the novel features and approaches contained in root exploit malware. This study proposes to use the bio-inspired method of practical swarm optimization (PSO) which automatically select the exclusive features that contain the novel android debug bridge (ADB). This study also adopts boosting (adaboost, realadaboost, logitboost, and multiboost) to enhance the machine learning prediction that detects unknown root exploit, and scrutinized three categories of features including (1) system command, (2) directory path and (3) code-based. The evaluation gathered from this study suggests a marked accuracy value of 93% with Logitboost in the simulation. Logitboost also helped to predicted all the root exploit samples in our developed system, the root exploit detection system (RODS).
    Matched MeSH terms: Computer Security*
  14. Smart Home-based IoT for Real-time and Secure Remote Health Monitoring of Triage and Priority System using Body Sensors: Multi-driven Systematic Review
    Talal M, Zaidan AA, Zaidan BB, Albahri AS, Alamoodi AH, Albahri OS, et al.
    J Med Syst, 2019 Jan 15;43(3):42.
    PMID: 30648217 DOI: 10.1007/s10916-019-1158-z
    The Internet of Things (IoT) has been identified in various applications across different domains, such as in the healthcare sector. IoT has also been recognised for its revolution in reshaping modern healthcare with aspiring wide range prospects, including economical, technological and social. This study aims to establish IoT-based smart home security solutions for real-time health monitoring technologies in telemedicine architecture. A multilayer taxonomy is driven and conducted in this study. In the first layer, a comprehensive analysis on telemedicine, which focuses on the client and server sides, shows that other studies associated with IoT-based smart home applications have several limitations that remain unaddressed. Particularly, remote patient monitoring in healthcare applications presents various facilities and benefits by adopting IoT-based smart home technologies without compromising the security requirements and potentially large number of risks. An extensive search is conducted to identify articles that handle these issues, related applications are comprehensively reviewed and a coherent taxonomy for these articles is established. A total number of (n = 3064) are gathered between 2007 and 2017 for most reliable databases, such as ScienceDirect, Web of Science and Institute of Electrical and Electronic Engineer Xplore databases. Then, the articles based on IoT studies that are associated with telemedicine applications are filtered. Nine articles are selected and classified into two categories. The first category, which accounts for 22.22% (n = 2/9), includes surveys on telemedicine articles and their applications. The second category, which accounts for 77.78% (n = 7/9), includes articles on the client and server sides of telemedicine architecture. The collected studies reveal the essential requirement in constructing another taxonomy layer and review IoT-based smart home security studies. Therefore, IoT-based smart home security features are introduced and analysed in the second layer. The security of smart home design based on IoT applications is an aspect that represents a crucial matter for general occupants of smart homes, in which studies are required to provide a better solution with patient security, privacy protection and security of users' entities from being stolen or compromised. Innovative technologies have dispersed limitations related to this matter. The existing gaps and trends in this area should be investigated to provide valuable visions for technical environments and researchers. Thus, 67 articles are obtained in the second layer of our taxonomy and are classified into six categories. In the first category, 25.37% (n = 17/67) of the articles focus on architecture design. In the second category, 17.91% (n = 12/67) includes security analysis articles that investigate the research status in the security area of IoT-based smart home applications. In the third category, 10.44% (n = 7/67) includes articles about security schemes. In the fourth category, 17.91% (n = 12/67) comprises security examination. In the fifth category, 13.43% (n = 9/67) analyses security protocols. In the final category, 14.92% (n = 10/67) analyses the security framework. Then, the identified basic characteristics of this emerging field are presented and provided in the following aspects. Open challenges experienced on the development of IoT-based smart home security are addressed to be adopted fully in telemedicine applications. Then, the requirements are provided to increase researcher's interest in this study area. On this basis, a number of recommendations for different parties are described to provide insights on the next steps that should be considered to enhance the security of smart homes based on IoT. A map matching for both taxonomies is developed in this study to determine the novel risks and benefits of IoT-based smart home security for real-time remote health monitoring within client and server sides in telemedicine applications.
    Matched MeSH terms: Computer Security/standards*
  15. The Impact of the Security Competency on "Self-Efficacy in Information Security" for Effective Health Information Security in Iran
    Shahri AB, Ismail Z, Mohanna S
    J Med Syst, 2016 Nov;40(11):241.
    PMID: 27681101
    The security effectiveness based on users' behaviors is becoming a top priority of Health Information System (HIS). In the first step of this study, through the review of previous studies 'Self-efficacy in Information Security' (SEIS) and 'Security Competency' (SCMP) were identified as the important factors to transforming HIS users to the first line of defense in the security. Subsequently, a conceptual model was proposed taking into mentioned factors for HIS security effectiveness. Then, this quantitative study used the structural equation modeling to examine the proposed model based on survey data collected from a sample of 263 HIS users from eight hospitals in Iran. The result shows that SEIS is one of the important factors to cultivate of good end users' behaviors toward HIS security effectiveness. However SCMP appears a feasible alternative to providing SEIS. This study also confirms the mediation effects of SEIS on the relationship between SCMP and HIS security effectiveness. The results of this research paper can be used by HIS and IT managers to implement their information security process more effectively.
    Matched MeSH terms: Computer Security*
  16. Indirect effect of management support on users' compliance behaviour towards information security policies
    Humaidi N, Balakrishnan V
    Health Inf Manag, 2018 Jan;47(1):17-27.
    PMID: 28537207 DOI: 10.1177/1833358317700255
    BACKGROUND: Health information systems are innovative products designed to improve the delivery of effective healthcare, but they are also vulnerable to breaches of information security, including unauthorised access, use, disclosure, disruption, modification or destruction, and duplication of passwords. Greater openness and multi-connectedness between heterogeneous stakeholders within health networks increase the security risk.

    OBJECTIVE: The focus of this research was on the indirect effects of management support (MS) on user compliance behaviour (UCB) towards information security policies (ISPs) among health professionals in selected Malaysian public hospitals. The aim was to identify significant factors and provide a clearer understanding of the nature of compliance behaviour in the health sector environment.

    METHOD: Using a survey design and stratified random sampling method, self-administered questionnaires were distributed to 454 healthcare professionals in three hospitals. Drawing on theories of planned behaviour, perceived behavioural control (self-efficacy (SE) and MS components) and the trust factor, an information system security policies compliance model was developed to test three related constructs (MS, SE and perceived trust (PT)) and their relationship to UCB towards ISPs.

    RESULTS: Results showed a 52.8% variation in UCB through significant factors. Partial least squares structural equation modelling demonstrated that all factors were significant and that MS had an indirect effect on UCB through both PT and SE among respondents to this study.

    CONCLUSION: The research model based on the theory of planned behaviour in combination with other human and organisational factors has made a useful contribution towards explaining compliance behaviour in relation to organisational ISPs, with trust being the most significant factor. In adopting a multidimensional approach to management-user interactions via multidisciplinary concepts and theories to evaluate the association between the integrated management-user values and the nature of compliance towards ISPs among selected health professionals, this study has made a unique contribution to the literature.

    Matched MeSH terms: Computer Security*
  17. Real-Time Remote Health Monitoring Systems Using Body Sensor Information and Finger Vein Biometric Verification: A Multi-Layer Systematic Review
    Mohsin AH, Zaidan AA, Zaidan BB, Albahri AS, Albahri OS, Alsalem MA, et al.
    J Med Syst, 2018 Oct 16;42(12):238.
    PMID: 30327939 DOI: 10.1007/s10916-018-1104-5
    The development of wireless body area sensor networks is imperative for modern telemedicine. However, attackers and cybercriminals are gradually becoming aware in attacking telemedicine systems, and the black market value of protected health information has the highest price nowadays. Security remains a formidable challenge to be resolved. Intelligent home environments make up one of the major application areas of pervasive computing. Security and privacy are the two most important issues in the remote monitoring and control of intelligent home environments for clients and servers in telemedicine architecture. The personal authentication approach that uses the finger vein pattern is a newly investigated biometric technique. This type of biometric has many advantages over other types (explained in detail later on) and is suitable for different human categories and ages. This study aims to establish a secure verification method for real-time monitoring systems to be used for the authentication of patients and other members who are working in telemedicine systems. The process begins with the sensor based on Tiers 1 and 2 (client side) in the telemedicine architecture and ends with patient verification in Tier 3 (server side) via finger vein biometric technology to ensure patient security on both sides. Multilayer taxonomy is conducted in this research to attain the study's goal. In the first layer, real-time remote monitoring studies based on the sensor technology used in telemedicine applications are reviewed and analysed to provide researchers a clear vision of security and privacy based on sensors in telemedicine. An extensive search is conducted to identify articles that deal with security and privacy issues, related applications are reviewed comprehensively and a coherent taxonomy of these articles is established. ScienceDirect, IEEE Xplore and Web of Science databases are checked for articles on mHealth in telemedicine based on sensors. A total of 3064 papers are collected from 2007 to 2017. The retrieved articles are filtered according to the security and privacy of telemedicine applications based on sensors. Nineteen articles are selected and classified into two categories. The first category, which accounts for 57.89% (n = 11/19), includes surveys on telemedicine articles and their applications. The second category, accounting for 42.1% (n = 8/19), includes articles on the three-tiered architecture of telemedicine. The collected studies reveal the essential need to construct another taxonomy layer and review studies on finger vein biometric verification systems. This map-matching for both taxonomies is developed for this study to go deeply into the sensor field and determine novel risks and benefits for patient security and privacy on client and server sides in telemedicine applications. In the second layer of our taxonomy, the literature on finger vein biometric verification systems is analysed and reviewed. In this layer, we obtain a final set of 65 articles classified into four categories. In the first category, 80% (n = 52/65) of the articles focus on development and design. In the second category, 12.30% (n = 8/65) includes evaluation and comparative articles. These articles are not intensively included in our literature analysis. In the third category, 4.61% (n = 3/65) includes articles about analytical studies. In the fourth category, 3.07% (n = 2/65) comprises reviews and surveys. This study aims to provide researchers with an up-to-date overview of studies that have been conducted on (user/patient) authentication to enhance the security level in telemedicine or any information system. In the current study, taxonomy is presented by explaining previous studies. Moreover, this review highlights the motivations, challenges and recommendations related to finger vein biometric verification systems and determines the gaps in this research direction (protection of finger vein templates in real time), which represent a new research direction in this area.
    Matched MeSH terms: Computer Security*
  18. Fulltext DAD-match; Security technique to prevent denial of service attack on duplicate address detection process in IPv6 link-local network
    Al-Ani AK, Anbar M, Manickam S, Al-Ani A
    PLoS One, 2019;14(4):e0214518.
    PMID: 30939154 DOI: 10.1371/journal.pone.0214518
    An efficiently unlimited address space is provided by Internet Protocol version 6 (IPv6). It aims to accommodate thousands of hundreds of unique devices on a similar link. This can be achieved through the Duplicate Address Detection (DAD) process. It is considered one of the core IPv6 network's functions. It is implemented to make sure that IP addresses do not conflict with each other on the same link. However, IPv6 design's functions are exposed to security threats like the DAD process, which is vulnerable to Denial of Service (DoS) attack. Such a threat prevents the host from configuring its IP address by responding to each Neighbor Solicitation (NS) through fake Neighbor Advertisement (NA). Various mechanisms have been proposed to secure the IPv6 DAD procedure. The proposed mechanisms, however, suffer from complexity, high processing time, and the consumption of more resources. The experiments-based findings revealed that all the existing mechanisms had failed to secure the IPv6 DAD process. Therefore, DAD-match security technique is proposed in this study to efficiently secure the DAD process consuming less processing time. DAD-match is built based on SHA-3 to hide the exchange tentative IP among hosts throughout the process of DAD in an IPv6 link-local network. The obtained experimental results demonstrated that the DAD-match security technique achieved less processing time compared with the existing mechanisms as it can resist a range of different threats like collision and brute-force attacks. The findings concluded that the DAD-match technique effectively prevents the DoS attack during the DAD process. The DAD-match technique is implemented on a small area IPv6 network; hence, the author future work is to implement and test the DAD-match technique on a large area IPv6 network.
    Matched MeSH terms: Computer Security*
  19. Determinants of RFID adoption in Malaysia's healthcare industry: occupational level as a moderator
    Zailani S, Iranmanesh M, Nikbin D, Beng JK
    J Med Syst, 2015 Jan;39(1):172.
    PMID: 25503418 DOI: 10.1007/s10916-014-0172-4
    With today's highly competitive market in the healthcare industry, Radio Frequency Identification (RFID) is a technology that can be applied by hospitals to improve operational efficiency and to gain a competitive advantage over their competitors. The purpose of this study is to investigate the factors that may effect RFID adoption in Malaysia's healthcare industry. In addition, the moderating role of occupational level was tested. Data was collected from 223 managers as well as healthcare and supporting staffs. This data was analyzed using the partial least squares technique. The results show that perceived ease of use and usefulness, government policy, top management support, and security and privacy concerns have an effect on the intent to adopt RFID in hospitals. There is a wide gap between managers and healthcare staff in terms of the factors that influence RFID adoption. The results of this study will help decision makers as well as managers in the healthcare industry to better understand the determinants of RFID adoption. Additionally, it will assist in the process of RFID adoption, and therefore, spread the usage of RFID technology in more hospitals.
    Matched MeSH terms: Computer Security
  20. A security framework for nationwide health information exchange based on telehealth strategy
    Zaidan BB, Haiqi A, Zaidan AA, Abdulnabi M, Kiah ML, Muzamel H
    J Med Syst, 2015 May;39(5):51.
    PMID: 25732083 DOI: 10.1007/s10916-015-0235-1
    This study focuses on the situation of health information exchange (HIE) in the context of a nationwide network. It aims to create a security framework that can be implemented to ensure the safe transmission of health information across the boundaries of care providers in Malaysia and other countries. First, a critique of the major elements of nationwide health information networks is presented from the perspective of security, along with such topics as the importance of HIE, issues, and main approaches. Second, a systematic evaluation is conducted on the security solutions that can be utilized in the proposed nationwide network. Finally, a secure framework for health information transmission is proposed within a central cloud-based model, which is compatible with the Malaysian telehealth strategy. The outcome of this analysis indicates that a complete security framework for a global structure of HIE is yet to be defined and implemented. Our proposed framework represents such an endeavor and suggests specific techniques to achieve this goal.
    Matched MeSH terms: Computer Security
Related Terms
Filters
Contact Us

Please provide feedback to Administrator (afdal@afpm.org.my)

External Links