-
Unleashing the Power of Electrocardiograms: A novel approach for Patient Identification in Healthcare Systems with ECG Signals
Authors:
Caterina Fuster-Barceló,
Carmen Cámara,
Pedro Peris-López
Abstract:
Over the course of the past two decades, a substantial body of research has substantiated the viability of utilising cardiac signals as a biometric modality. This paper presents a novel approach for patient identification in healthcare systems using electrocardiogram signals. A convolutional neural network is used to classify users based on images extracted from ECG signals. The proposed identification system is evaluated in multiple databases, providing a comprehensive understanding of its potential in real-world scenarios. The impact of Cardiovascular Diseases on generic user identification has been largely overlooked in previous studies. The presented method takes into account the cardiovascular condition of the patients, ensuring that the results obtained are not biased or limited. Furthermore, the results obtained are consistent and reliable, with lower error rates and higher accuracy metrics, as demonstrated through extensive experimentation. All these features make the proposed method a valuable contribution to the field of patient identification in healthcare systems, and make it a strong contender for practical applications.
Submitted 6 July, 2023; v1 submitted 13 February, 2023;
originally announced February 2023.
-
Full-Resilient Memory-Optimum Multi-Party Non-Interactive Key Exchange
Authors:
Majid Salimi,
Hamid Mala,
Honorio Martin,
Pedro Peris-Lopez
Abstract:
Multi-Party Non-Interactive Key Exchange (MP-NIKE) is a fundamental cryptographic primitive in which users register into a key generation centre and receive a public/private key pair each. After that, any subset of these users can compute a shared key without any interaction. Nowadays, IoT devices suffer from a high number and large size of messages exchanged in the Key Management Protocol (KMP). To overcome this, an MP-NIKE scheme can eliminate the airtime and latency of messages transferred between IoT devices. MP-NIKE schemes can be realized by using multilinear maps. There are several attempts for constructing multilinear maps based on indistinguishable obfuscation, lattices and the Chinese Remainder Theorem (CRT). Nevertheless, these schemes are inefficient in terms of computation cost and memory overhead. Besides, several attacks have been recently reported against CRT-based and lattice-based multilinear maps. There is only one modular exponentiation-based MP-NIKE scheme in the literature which has been claimed to be both secure and efficient. In this article, we present an attack on this scheme based on the Euclidean algorithm, in which two colluding users can obtain the shared key of any arbitrary subgroup of users. We also propose an efficient and secure MP-NIKE scheme. We show how our proposal is secure in the random oracle model assuming the hardness of the root extraction modulo a composite number.
Submitted 10 March, 2021;
originally announced March 2021.
-
Cryptanalysis of Song's advanced smart card based password authentication protocol
Authors:
Juan E. Tapiador,
Julio C. Hernandez-Castro,
P. Peris-Lopez,
John A. Clark
Abstract:
Song \cite{Song10} proposed very recently a password-based authentication and key establishment protocol using smart cards which attempts to solve some weaknesses found in a previous scheme suggested by Xu, Zhu, and Feng \cite{XZF09}. In this paper, we present attacks on the improved protocol, showing that it fails to achieve the claimed security goals.
Submitted 11 November, 2011;
originally announced November 2011.
-
Vulnerability Analysis of PAP for RFID Tags
Authors:
Mu'awya Naser,
Pedro Peris-Lopez,
Mohammd Rafie,
Jan van der Lubbe
Abstract:
In this paper, we analyze the security of an RFID authentication protocol proposed by Liu and Bailey [1], called Privacy and Authentication Protocol (PAP), and show its vulnerabilities and faulty assumptions. PAP is a privacy and authentication protocol designed for passive tags. The authors claim that the protocol, being resistant to commonly assumed attacks, requires little computation and provides privacy protection and authentication. Nevertheless, we propose two traceability attacks and an impersonation attack, in which the revealing of secret information (i.e., secret key and static identifier) shared between the tag and the reader is unnecessary. Moreover, we review all basic assumptions on which the design of the protocol resides, and show how many of them are incorrect and are contrary to the common assumptions in RFID systems.
Submitted 21 August, 2010;
originally announced August 2010.
-
Security Flaws in a Recent Ultralightweight RFID Protocol
Authors:
Pedro Peris-Lopez,
Julio C. Hernandez-Castro,
J. M. E. Tapiador,
Jan C. A. van der Lubbe
Abstract:
In 2006, Peris-Lopez et al. [1, 2, 3] initiated the design of ultralightweight RFID protocols -with the UMAP family of protocols- involving only simple bitwise logical or arithmetic operations such as bitwise XOR, OR, AND, and addition. This combination of operations was revealed later to be insufficient for security. Then, Chien et al. proposed the SASI protocol [4] with the aim of offering better security, by adding the bitwise rotation to the set of supported operations. The SASI protocol represented a milestone in the design of ultralightweight protocols, although certain attacks have been published against this scheme [5, 6, 7]. In 2008, a new protocol, named Gossamer [8], was proposed that can be considered a further development of both the UMAP family and SASI. Although no attacks have been published against Gossamer, Lee et al. [9] have recently published an alternative scheme that is highly reminiscent of SASI. In this paper, we show that Lee et al.'s scheme falls short of many of its security objectives, being vulnerable to several important attacks like traceability, full disclosure, cloning and desynchronization.
Submitted 12 October, 2009;
originally announced October 2009.
-
Shedding Light on RFID Distance Bounding Protocols and Terrorist Fraud Attacks
Authors:
Pedro Peris-Lopez,
Julio C. Hernandez-Castro,
Christos Dimitrakakis,
Aikaterini Mitrokotsa,
Juan M. E. Tapiador
Abstract:
The vast majority of RFID authentication protocols assume the proximity between readers and tags due to the limited range of the radio channel. However, in real scenarios an intruder can be located between the prover (tag) and the verifier (reader) and trick this last one into thinking that the prover is in close proximity. This attack is generally known as a relay attack in which scope distance fraud, mafia fraud and terrorist attacks are included. Distance bounding protocols represent a promising countermeasure to hinder relay attacks. Several protocols have been proposed during the last years but vulnerabilities of major or minor relevance have been identified in most of them. In 2008, Kim et al. [1] proposed a new distance bounding protocol with the objective of being the best in terms of security, privacy, tag computational overhead and fault tolerance. In this paper, we analyze this protocol and we present a passive full disclosure attack, which allows an adversary to discover the long-term secret key of the tag. The presented attack is very relevant, since no security objectives are met in Kim et al.'s protocol. Then, design guidelines are introduced with the aim of facilitating protocol designers the stimulating task of designing secure and efficient schemes against relay attacks. Finally a new protocol, named Hitomi and inspired by [1], is designed conforming the guidelines proposed previously.
Submitted 20 June, 2010; v1 submitted 25 June, 2009;
originally announced June 2009.
-
Cryptanalysis of the SASI Ultralightweight RFID Authentication Protocol with Modular Rotations
Authors:
Julio C. Hernandez-Castro,
Juan M. E. Tapiador,
Pedro Peris-Lopez,
Jean-Jacques Quisquater
Abstract:
In this work we present the first passive attack over the SASI lightweight authentication protocol with modular rotations. This can be used to fully recover the secret $ID$ of the RFID tag, which is the value the protocol is designed to conceal. The attack is described initially for recovering $\lfloor \log_2(96) \rfloor = 6$ bits of the secret value $ID$, a result that by itself allows to mount traceability attacks on any given tag. However, the proposed scheme can be extended to obtain any amount of bits of the secret $ID$, provided a sufficiently large number of successful consecutive sessions are eavesdropped. We also present results on the attack's efficiency, and some ideas to secure this version of the SASI protocol.
Submitted 26 November, 2008;
originally announced November 2008.