A secure framework and related protocols for ubiquitous access to electronic health records using Java sim cards

Ubiquitous access to patient medical records is an important aspect of caring for patient safety. Unavailability of sufficient medical information at the point-ofcare could possibly lead to a fatality. The U.S. Institute of Medicine has reported that between 44,000 and 98,000 people die each year due to medical errors, such as incorrect medication dosages, due to poor legibility in manual records, or delays in consolidating needed information to discern the proper intervention. In this research we propose employing emergent technologies such as Java SIM Cards (JSC), Smart Phones (SP), Next Generation Networks (NGN), Near Field Communications (NFC), Public Key Infrastructure (PKI), and Biometric Identification to develop a secure framework and related protocols for ubiquitous access to Electronic Health Records (EHR). A partial EHR contained within a JSC can be used at the point-of-care in order to help quick diagnosis of a patient’s problems. The full EHR can be accessed from an Electronic Health Records Centre (EHRC) when time and network availability permit. Moreover, this framework and related protocols enable patients to give their explicit consent to a doctor to access their personal medical data, by using their Smart Phone, when the doctor needs to see or update the patient’s medical information during an examination. Also our proposed solution would give the power to patients to modify the Access Control List (ACL) related to their EHRs and view their EHRs through their Smart Phone. Currently, very limited research has been done on using JSCs and similar technologies as a portable repository of EHRs or on the specific security issues that are likely to arise when JSCs are used with ubiquitous access to EHRs. Previous research is concerned with using Medicare cards, a kind of Smart Card, as a repository of medical information at the patient point-of-care. However, this imposes some limitations on the patient’s emergency medical care, including the inability to detect the patient’s location, to call and send information to an emergency room automatically, and to interact with the patient in order to get consent. The aim of our framework and related protocols is to overcome these limitations by taking advantage of the SIM card and the technologies mentioned above. Briefly, our framework and related protocols will offer the full benefits of accessing an up-to-date, precise, and comprehensive medical history of a patient, whilst its mobility will provide ubiquitous access to medical and patient information everywhere it is needed. The objective of our framework and related protocols is to automate interactions between patients, healthcare providers and insurance organisations, increase patient safety, improve quality of care, and reduce the costs.

Design and analysis of group key exchange protocols

A group key exchange (GKE) protocol allows a set of parties to agree upon a common secret session key over a public network. In this thesis, we focus on designing efficient GKE protocols using public key techniques and appropriately revising security models for GKE protocols. For the purpose of modelling and analysing the security of GKE protocols we apply the widely accepted computational complexity approach. The contributions of the thesis to the area of GKE protocols are manifold. We propose the first GKE protocol that requires only one round of communication and is proven secure in the standard model. Our protocol is generically constructed from a key encapsulation mechanism (KEM). We also suggest an efficient KEM from the literature, which satisfies the underlying security notion, to instantiate the generic protocol. We then concentrate on enhancing the security of one-round GKE protocols. A new model of security for forward secure GKE protocols is introduced and a generic one-round GKE protocol with forward security is then presented. The security of this protocol is also proven in the standard model. We also propose an efficient forward secure encryption scheme that can be used to instantiate the generic GKE protocol. Our next contributions are to the security models of GKE protocols. We observe that the analysis of GKE protocols has not been as extensive as that of two-party key exchange protocols. Particularly, the security attribute of key compromise impersonation (KCI) resilience has so far been ignored for GKE protocols. We model the security of GKE protocols addressing KCI attacks by both outsider and insider adversaries. We then show that a few existing protocols are not secure against KCI attacks. A new proof of security for an existing GKE protocol is given under the revised model assuming random oracles. Subsequently, we treat the security of GKE protocols in the universal composability (UC) framework. We present a new UC ideal functionality for GKE protocols capturing the security attribute of contributiveness. An existing protocol with minor revisions is then shown to realize our functionality in the random oracle model. Finally, we explore the possibility of constructing GKE protocols in the attribute-based setting. We introduce the concept of attribute-based group key exchange (AB-GKE). A security model for AB-GKE and a one-round AB-GKE protocol satisfying our security notion are presented. The protocol is generically constructed from a new cryptographic primitive called encapsulation policy attribute-based KEM (EP-AB-KEM), which we introduce in this thesis. We also present a new EP-AB-KEM with a proof of security assuming generic groups and random oracles. The EP-AB-KEM can be used to instantiate our generic AB-GKE protocol.

The mobile phone as a multi OTP device using trusted computing

The rapid growth in the number of online services leads to an increasing number of different digital identities each user needs to manage. As a result, many people feel overloaded with credentials, which in turn negatively impact their ability to manage them securely. Passwords are perhaps the most common type of credential used today. To avoid the tedious task of remembering difficult passwords, users often behave less securely by using low entropy and weak passwords. Weak passwords and bad password habits represent security threats to online services. Some solutions have been developed to eliminate the need for users to create and manage passwords. A typical solution is based on giving the user a hardware token that generates one-time-passwords, i.e. passwords for single session or transaction usage. Unfortunately, most of these solutions do not satisfy scalability and/or usability requirements, or they are simply insecure. In this paper, we propose a scalable OTP solution using mobile phones and based on trusted computing technology that combines enhanced usability with strong security.

A secure framework and related protocols for ubiquitous access to electronic health records using Java SIM cards

Ubiquitous access to patient medical records is an important aspect of caring for patient safety. Unavailability of sufficient medical information at the patient point-of-care could possibly lead to a fatality. In this paper we propose employing emergent technologies such as Java SIM Cards (JSC),Smart Phones (SP), Next Generation Networks (NGN), Near Field Communications (NFC), Public Key Infrastructure (PKI), and Biometric Identification to develop a secure framework and related protocols for ubiquitous access to Electronic Health Records (EHRs). A partial EHR contained within a JSC can be used at the patient point-of-care in order to help quick diagnosis of a patient’s problems. The full EHR can be accessed from an Electronic Healthcare Records Centre (EHRC).

Focus-score weighted super-resolution for uncooperative iris recognition at a distance and on the move

Uncooperative iris identification systems at a distance and on the move often suffer from poor resolution and poor focus of the captured iris images. The lack of pixel resolution and well-focused images significantly degrades the iris recognition performance. This paper proposes a new approach to incorporate the focus score into a reconstruction-based super-resolution process to generate a high resolution iris image from a low resolution and focus inconsistent video sequence of an eye. A reconstruction-based technique, which can incorporate middle and high frequency components from multiple low resolution frames into one desired super-resolved frame without introducing false high frequency components, is used. A new focus assessment approach is proposed for uncooperative iris at a distance and on the move to improve performance for variations in lighting, size and occlusion. A novel fusion scheme is then proposed to incorporate the proposed focus score into the super-resolution process. The experiments conducted on the The Multiple Biometric Grand Challenge portal database shows that our proposed approach achieves an EER of 2.1%, outperforming the existing state-of-the-art averaging signal-level fusion approach by 19.2% and the robust mean super-resolution approach by 8.7%.

Axial length charges during accommodation in myopes and emmetropes

Purpose: To investigate the influence of accommodation upon axial length (and a comprehensive range of ocular biometric parameters), in populations of young adult myopic and emmetropic subjects. Methods: Forty young adult subjects had ocular biometry measured utilizing a non-contact optical biometer (Lenstar LS 900) based upon the principle of optical low coherence reflectometry, under three different accommodation demands (0 D, 3 D and 6 D). Subjects were classified as emmetropes (n=19) or myopes (n=21) based upon their spherical equivalent refraction (mean emmetropic refraction -0.05 ± 0.27DS and mean myopic refraction -1.82 ± 0.84 DS). Results: Axial length changed significantly with accommodation, with a mean increase of 11.9 ± 12.3 µm and 24.1 ± 22.7 µm for the 3 D and 6 D accommodation stimuli respectively. A significant axial elongation associated with accommodation was still evident even following correction of the axial length data for potential error due to lens thickness change. The mean ‘corrected’ increase in axial length was 5.2 ± 11.2 µm, and 7.4 ± 18.9 µm for the 3 D and 6 D stimuli respectively. There was no significant difference between the myopic and emmetropic populations in terms of the magnitude of change in axial length with accommodation, regardless of whether the data were corrected or not. A number of other ocular biometric parameters, such as anterior chamber depth, lens thickness and vitreous chamber depth also exhibited significant change with accommodation. The myopic and emmetropic populations also exhibited no significant difference in the magnitude of change in these parameters with accommodation. Conclusions: The eye undergoes a significant axial elongation associated with a brief period of accommodation, and the magnitude of this change in eye length increases for larger accommodation demands, however there is no significant difference in the magnitude of eye elongation in myopic and emmetropic subjects.

Mutual protection in a cloud computing environment

The term “cloud computing” has emerged as a major ICT trend and has been acknowledged by respected industry survey organizations as a key technology and market development theme for the industry and ICT users in 2010. However, one of the major challenges that faces the cloud computing concept and its global acceptance is how to secure and protect the data and processes that are the property of the user. The security of the cloud computing environment is a new research area requiring further development by both the academic and industrial research communities. Today, there are many diverse and uncoordinated efforts underway to address security issues in cloud computing and, especially, the identity management issues. This paper introduces an architecture for a new approach to necessary “mutual protection” in the cloud computing environment, based upon a concept of mutual trust and the specification of definable profiles in vector matrix form. The architecture aims to achieve better, more generic and flexible authentication, authorization and control, based on a concept of mutuality, within that cloud computing environment.

Thomas Young's contribution to visual optics : the Bakerian lecture "On the mechanism of the eye"

Thomas Young (1773-1829) carried out major pioneering work in many different subjects. In 1800 he gave the Bakerian Lecture of the Royal Society on the topic of the “mechanism of the eye”: this was published in the following year (Young, 1801). Young used his own design of optometer to measure refraction and accommodation, and discovered his own astigmatism. He considered the different possible origins of accommodation and confirmed that it was due to change in shape of the lens rather than to change in shape of the cornea or an increase in axial length. However, the paper also dealt with many other aspects of visual and ophthalmic optics, such as biometric parameters, peripheral refraction, longitudinal chromatic aberration, depth-of-focus and instrument myopia. These aspects of the paper have previously received little attention. We now give detailed consideration to these and other less-familiar features of Young’s work and conclude that his studies remain relevant to many of the topics which currently engage visual scientists.

Bias in the nonlinear filter generator output sequence

Nonlinear filter generators are common components used in the keystream generators for stream ciphers and more recently for authentication mechanisms. They consist of a Linear Feedback Shift Register (LFSR) and a nonlinear Boolean function to mask the linearity of the LFSR output. Properties of the output of a nonlinear filter are not well studied. Anderson noted that the m-tuple output of a nonlinear filter with consecutive taps to the filter function is unevenly distributed. Current designs use taps which are not consecutive. We examine m-tuple outputs from nonlinear filter generators constructed using various LFSRs and Boolean functions for both consecutive and uneven (full positive difference sets where possible) tap positions. The investigation reveals that in both cases, the m-tuple output is not uniform. However, consecutive tap positions result in a more biased distribution than uneven tap positions, with some m-tuples not occurring at all. These biased distributions indicate a potential flaw that could be exploited for cryptanalysis

Consuming authentic neighborhood : an autoethnography of experiencing a neighborhood's new beginnings and origins within its servicescapes

Purpose - This chapter examines individual and collective quests for authenticity, as experienced through consumption activities within an urban neighbourhood. It investigates the interplay between consumption experiences as authenticating acts and authoritative performances (Arnould and Price 2000), and considers the implications with regard to Zukin’s (2010) theories on urban authenticity, and how it may be experienced as new beginnings and origins. Methodology - The chapter is based on autoethnographic research that explores how interaction and identity definition within servicescapes can work to construct place-based community. Findings - It describes how a servicescape of new beginnings offered opportunities for individual authentication that also enabled personal identification with a specific cultural group. This authentication drew on the cultural capital embedded in such locations, including their association with gentrification. This is contrast with the collective identification offered by a servicescape operating as a place of exposure. This site of origins displayed the social practices of a different demographic, which worked to highlight a relational link between the authentication practices of the broader neighbourhood. These sites also worked cumulatively, to highlight the inauthenticities within my identification practices and offer opportunities for redress. Through this interplay it was possible to establish an authentic sense of neighbourhood that drew on its new beginnings and its origins, and was both individual and collective. Originality - Through the combination of urban and consumption-based perspectives of authenticity, and an autoethnographic methodology, this chapter offers a different insight into the ways identification with, and attachment to, a neighbourhood can develop through consumption experiences.

How HCI design influences web security decisions

Even though security protocols are designed to make computer communication secure, it is widely known that there is potential for security breakdowns at the human machine interface. This paper reports on a diary study conducted in order to investigate what people identify as security decisions that they make while using the web. The study aimed to uncover how security is perceived in the individual's context of use. From this data, themes were drawn, with a focus on addressing security goals such as confidentiality and authentication. This study is the first study investigating users' web usage focusing on their self-documented perceptions of security and the security choices they made in their own environment.

An integrated approach to cryptographic mitigation of denial-of-service attacks

Gradual authentication is a principle proposed by Meadows as a way to tackle denial-of-service attacks on network protocols by gradually increasing the confidence in clients before the server commits resources. In this paper, we propose an efficient method that allows a defending server to authenticate its clients gradually with the help of some fast-to-verify measures. Our method integrates hash-based client puzzles along with a special class of digital signatures supporting fast verification. Our hash-based client puzzle provides finer granularity of difficulty and is proven secure in the puzzle difficulty model of Chen et al. (2009). We integrate this with the fast-verification digital signature scheme proposed by Bernstein (2000, 2008). These schemes can be up to 20 times faster for client authentication compared to RSA-based schemes. Our experimental results show that, in the Secure Sockets Layer (SSL) protocol, fast verification digital signatures can provide a 7% increase in connections per second compared to RSA signatures, and our integration of client puzzles with client authentication imposes no performance penalty on the server since puzzle verification is a part of signature verification.

The patella morphology in trochlear dysplasia : a comparative MRI study

BACKGROUND: Trochlear dysplasia is suspected to have a genetic basis and causes recurrent patellar instability due to insufficient anatomical geometry. Numerous studies about trochlear morphology and the optimal surgical treatment have been carried out, but no attention has been paid to the corresponding patellar morphology.----- ----- PURPOSE: The aim of this study was the evaluation of the patellar morphology in normal and trochlear dysplastic knees. ----- ----- STUDY DESIGN: Biometric analysis. ----- ----- METHODS: Twenty two patellae with underlying trochlear dysplasia (study group--SG) were compared with 22 matched knees with normal trochlear shape (control group--CG) on transverse and sagittal MRI slices. We compared transverse diameter, cartilaginous thickness, Wiberg-index and -angle, length and radius of lateral and medial facet, patellar shape and angle, retropatellar length, and type of trochlear dysplasia. For statistical analysis we used the Wilcoxon signed ranks test. ----- ----- RESULTS: The transverse and sagittal diameter, mean length of medial patellar facet, and mean cartilaginous and subchondral Wiberg-index showed statistical differences between the two groups. ----- ----- CONCLUSIONS: Although the insufficient trochlear depth and decreased lateral trochlear slope are responsible for patellofemoral instability, the patella shows morphological changes in trochlear dysplastic knees. Its overall size and the medial facet are smaller. Although the femoral sulcus angle is larger, the Wiberg-angle and -index are equal to the control group. This may indicate that the patellar morphology may not be a result of missing medial patellofemoral pressure in trochlear dysplastic knees, but a decreased medial patellofemoral traction. This seems to be caused by hypotrophic medial patellofemoral restraints in combination with an increased lateral patellar tilt, both resulting in a decreased tension onto the medial patella facet. Whether there is a genetic component to the patellar morphology remains open.

Feature-domain super-resolution for IRIS recognition

Uncooperative iris identification systems at a distance suffer from poor resolution of the captured iris images, which significantly degrades iris recognition performance. Superresolution techniques have been employed to enhance the resolution of iris images and improve the recognition performance. However, all existing super-resolution approaches proposed for the iris biometric super-resolve pixel intensity values. This paper considers transferring super-resolution of iris images from the intensity domain to the feature domain. By directly super-resolving only the features essential for recognition, and by incorporating domain specific information from iris models, improved recognition performance compared to pixel domain super-resolution can be achieved. This is the first paper to investigate the possibility of feature domain super-resolution for iris recognition, and experiments confirm the validity of the proposed approach.