Today, ubiquitous devices lack many of the security features known in desktop computing, an industry that is known to have a plethora of security problems. As ubiquitous devices are increasingly applied in the health care industry, security aspects need to receive even more attention. Clearly, patient-related data is extremely sensitive, and legal requirements (such as HIPAA) attempt to enforce strict privacy controls. While we cannot solve the overall problem, our proposal to use RFID tags to authenticate users with ubiquitous devices addresses one of the most fundamental requirements of all security mechanisms: to reliably establish the user's identity. In this paper we discuss some questions that arose during experiments with ubiquitous devices at Graz University Hospital. The main problems that could be identified included security and privacy issues (protection precautions, confidentiality, reliability, sociability). The experiments showed that new and emerging computer technologies such as mobile, ubiquitous and pervasive computing have enormous potential for improving manifold workflows in health care; however, psychological and technological research must be carried out together in order to bring clear benefits for the end users and to optimize workflows in the daily routine of health care.
Security mechanisms that are taken for granted as standard in PCs today are missing from many mobile devices. As mobile devices are increasingly used in health care, security aspects are gaining in importance. Patient data and medical records are quite obviously sensitive data that must be protected by both technical and legal measures. Authentication is a basic prerequisite for all further security measures. Our proposal is to use RFID for authentication with mobile devices. In this paper the authors discuss prototype developments that were carried out at AKH Graz. The focus was on aspects of security and confidentiality. Experiments have shown that new technologies can massively change the working environment and that the benefits only materialize when end users are closely involved. Daily work processes can then be made more efficient and more secure.
Cite this article
Weippl, E., Holzinger, A. & Tjoa, A. Security aspects of ubiquitous computing in health care. Elektrotech. Inftech. 123, 156–161 (2006). https://doi.org/10.1007/s00502-006-0336
DOI: https://doi.org/10.1007/s00502-006-0336