FAP_HIS: A Simple Fuzzy-Vault Based Authentication Protocol for RFID-Enabled Healthcare Information System against Unauthorised Tracking

摘要

With the merits of the radio frequency identification (RFID) technology such as automatic wireless identification without direct eye-sight contact, RFID-enabled healthcare information system can automatically acquire information related to the movement of specific patient or some important medical objects (e.g. blood bag) which is critical to be used for either a possible auxiliary treatment of some disease or an effective measure against improper operations of medical objects out of the eye-sight of the authenticated people. However, since the data within the RFID tags can be easily dumped using a reader of high power, malicious attackers can also track the patients or the objects, acquire the related information, and further infer the sensitive data with data mining techniques, causing the privacy breach of the patients and/or critical medical event if some urgent blood bag were replaced with an invalid one. In this paper we propose a simple fuzzy-vault based authentication protocol which separates the RFID tag ID into two parts using a fuzzy vault technique so that the unauthorized party is unable to infer the true ID simply by tracking the RFID tag. We explored the implementation of the conventional cryptographic construct, fuzzy vault, with the RFID tag data, and the authentication protocol is presented and its effectiveness is proven theoretically.