Secure Communication Schemes over ISO/IEEE 11073-20601 for Smart Healthcare Service

Abstract

For advanced healthcare services, a variety of agents should maintain reliable connections with the manager and communicate personal health and medical information. The ISO/IEEE 11073 standards provide convenient interoperability and the optimized exchange protocol (OEP) supports efficient communication for devices. However, the standard does not specify secure communication, and sensitive personal information is easily exposed through attacks. Malicious attacks may lead to the worst results owing to service errors, service suspension, and deliberate delays. All possible attacks on the communication are analyzed in detail, and the damage is specifically identified. In this study, novel secure communication schemes over the 20601 OEP are proposed by introducing an authentication process while maintaining compatibility with existing devices. The agent performs a secure association with the manager for mutual authentication. However, communication with mutual authentication is not completely free from attacks. Message encryption schemes are proposed for concrete security. The authentication process and secure communication schemes between the secure registered agent (SRA) and the secure registered manager (SRM) are implemented and verified. The experimental analysis shows that the complexities of the SRA and SRM are not significantly different from those of the existing agent and manager.