wireless communication technologies Smart healthcare systems to monitor the health of patients in real time Security problems in these systems Invasion of health data privacy Security vulnerabilities of password building Password strength evaluation method INTRODUCTION Sensors are deployed in a variety of ways Installed at home, offices, and public facilities Being attached to clothes Wearable accessories These are to sense Position Motion Changes in vital signs of patients Contd… Transferred to the medical database Shared by healthcare providers Researchers Government agencies insurance companies patients Contd… There are three main security problems 1. The diversification of attackers 2. The diversity of intrusion methods 3. Specialization of attack methods Overview of the Smart Healthcare System Deployment of system option depends on the particular requirements or conditions sensor network topology Number of potential users Available resources Often based on the client-server architecture Contd… Contd… Parts of the system Data center – Server Data acquisition unit – Client Data sources Field control unit Links Contd… Data sources include, but are not limited to, the sensor nodes blood pressure heart rate blood sugar pulse rate brain activity Temperature humidity Contd… estimation of specific types of motion Translation Tilt Shake Rotation Swing Contd… field control unit controls and manages Plurality of healthcare data sources Integrate healthcare data Make unified format conversion Preliminary data analysis Contd… Data source transfers data to the field control unit in Wired (CAN,HART) Wireless (Zigbee) field control unit connected to Internet by wired or wireless means Bluetooth WiFi Zigbee mobile communication network WiMAX Contd… main functions of the cloud data center Data storage video data storage, image data storage, structured data storage, semi-structured data storage Data management Data index, data fusion, data analysis, data display Data security protection data encryption, sensitive data isolation, access control, rights management, backup recovery, audit logs Security Threats of Connected Smart Healthcare Passive Attack Side-channel attack Keylogging Touchlogging Active Attack denial of service (DoS) Password Security for Identity Authentication of a Healthcare System Identity authentication is the basic means to protect information security Text password is simple to use low-cost easy to deploy widely used authentication method Security Vulnerabilities of Password Building
Construct a Password with Preference
Password Reuse Password Building Based on Personal Information Password Attack Based on Social Engineering Contd… After analyzing the passwords contained in 12306 28.3 % - birthdays 25.7% - account names 20.5% - names 13.85% - email addresses 2.5% - ID numbers 1.6% - mobile phone numbers Password Strength Evaluation Most information management systems use certain password strength meters (PSMs) Password strength evaluators can be divided into Rule-based length and type of the contained characters Pattern-based keyboard order,first letter case, sequential character pattern Attack based the number of guesses and the time required for cracking Proposed Password Strength Evaluation Method Design Method includes Personal information classification Label processing based on the context-free grammar personal identification information not only comes from the user’s input, but also through site crawler, cross-site information utilization, disclosed datasets, and other ways Contd… Contd… This method based on personal information is divided into three stages Personal information collection stage Classification and tagging stage Password strength value calculation stage Personal Information Collection Stage User registers a website service Website extracts the impact factor fields from user filled personal information Used to build the user’s password Some personal information used to directly build password Name or birthday While others are used indirectly Gender and educational level Contd… the user’s registration information could be analyzed and extracted with reference to leaked related datasets To some extent, it can resist the guessing attack based on cross-station reuse Classification And Tagging Stage Extended PCFG algorithm is used to classify the collected personal information into the letter segment L the digit segment D the special character segment S Contd… According to their influence degrees, the personal information is divided into Major influence factor Secondary influence factor Password Strength Value Calculation Stage First consider detecting the actual variation of one of the impact factor label values in each field category If any label value is detected, it continues to consider the impact factor’s coverage length value based on the sliding window The greater coverage value indicates that the greater impact factor of the personal information, the weaker the strength of the password