Total views : 184

Passwordless Authentication in Mobile e-health using a Secure Boot Non-regenerated Unique Identity and NFC


  • Electrical Engineering Department, University Technology MARA, 40450 Shah Alam, Malaysia


Mobile e-health is a current application where people can connect with healthcare services through sensor nodes and wireless communication. Existing e-health architecture depends on a third party server in order to get connected with the hospitals. Therefore, it adds up to a security hole in the e-health architecture. Objectives: The objective of this paper is to develop a secured password less authentication protocol for mobile e-health system and to eliminate the need for a third party server. Methods/Statistical Analysis: A non-regenerated unique identity for the e-health sensor node is generated through a secure boot process and the unique value will be used as the sensor node identity. EHEART prototype is designed and e-health server is established. Near Field Communication (NFC) ring is used in this mobile e-health system to enhance the security layer of the proposed authentication protocol. Study was conducted in a closed environment with no exposure to attackers. Findings: The project results demonstrate the development of a secured passwordless authentication for e-health system. By implementing the near field communication in the e-health system, it can reduce the energy consumption where the Bluetooth module will only be automatically turned on when the mobile device is being touched by the NFC ring. EHEART application does not need any username and password combination for login request and authentication process. Formal analysis method AVISPA and SPAN is used to analyse the reliability and the security of the proposed system and it is proven to be secured from replay attack, node cloning and password break attack. Application/Improvements: The outcome form the research will ensure secure connectivity or environment in the e-health monitoring system without depending anymore on a password and third party server. NFC ring in the system will help reduce the power consumption of the mobile device.


Mobile e-health, Passwordless Authentication, Secure Boot, Unique Identity.

Full Text:

 |  (PDF views: 129)


  • Mea VD. What is e-health (2): The death of telemedicine?Journal of Medical Internet Research. 2001 Jun; 3(2):1–2.
  • Smith E, Eloff JHP. Security in health-care information systems current trends. International Journal of Medical Informatics. 1998 Oct; 54(1999):39–54.
  • Bahtiyar S, Caglayan M. Trust assessment of security for e-health systems. Journal of Electronic Commerce Research and Application. 2013 Nov; 13(3):164–77.
  • Ambroise N, Boussonnie S, Eckmann A. A smartphone application for chronic disease self-management.Proceedings of the 1st Conference on Mobile and Information Technologies in Medicine, Prague, Czech Republic; 2013.
  • Chan V, Ray P, Parameswaran N. Mobile e-health monitoring: An agent-based approach. IET Communications; 2008.p. 223–30.
  • Fernández-Alemán JL, Señor IC, Lozoya PÁO, Toval A.Security and privacy in electronic health records: A systematic literature review. Journal on Biomedical Informatics.2013 Jun; 46(3):541–62.
  • Lou W, Tech V. Secure ad-hoc trust initialization and key management in wireless body area networks. Journal ACM Transaction on Sensor Networks. 2013 Mar; 9(2):1–35.
  • Guo Y, Hu Y, Afzal J, Bai G. Using P2P technology to achieve e-health interoperability. IEEE International Conference on Service System and Service Management (ICSSM); 2011. p. 1–5.
  • Sun Q, Song W, Foundation M. Thinking about some issues of e-health. Journal of China-US Public Administration.2013 Feb; 10(2):209–16.
  • Thilakanathan D, Chen S, Nepal S, Calvo R, Alem L. A platform for secure monitoring and sharing of generic health data in the cloud. IEEE Future Generation Computer System; 2014. p. 102–13.
  • Desai N, Shahnasser H. A light review of data security and privacy approaches applicable to e-health systems.International Conference on Computing Technology and Information Management; 2014. p. 362–6.
  • Boonyarattaphan A, Bai Y, Chung S. A security framework for e-health service authentication and e-health data transmission.International Symposium on Communications and Information Technology; 2009. p. 1213–18.
  • Bazzani M, Conzon D, Scalera A, Spirito MA, Trainito CI. Enabling the IoT paradigm in e-health solutions through the VIRTUS middleware. IEEE 11th International Conference on Trust, Secuity and Privacy in Computing and Communications; 2012. p. 1954–9.
  • Bai G, Guo Y. Activity theory ontology for knowledge sharing in e-health. IEEE International Forum on Information Technology and Application; 2010. p. 39–43.
  • Ghazizadeh E, Zamani M, Ab Manan J, Alizadeh M. Trusted computing strengthens cloud authentication. The Scientific World Journal; 2014.
  • Zhang R, Liu L. Security models and requirements for healthcare application clouds. IEEE 3rd International Conference Cloud Computing; 2010. p. 268–75.
  • Dong N, Jonker H, Pang J. Challenges in e-health: From enabling to enforcing privacy. International Conference Foundation Health Informatics Engineering System; 2012.p. 195–206.
  • Bai G, Guo Y. A general architecture for developing a sustainable elderly care e-health system. IEEE International Conference On Service System and Service Management (ICSSM); 2011. p. 1–6.
  • Rahim YA, Sahib S, Khanapi M, Ghani A. Pseudonmization techniques for clinical data: Privacys in Sultan Ismail Hospital Johor Bahru. IEEE International Conference on Networked Computing (INC); 2011. p. 74–7.
  • Fengou M, Mantas G, Lymberopoulos D, Komninos N, Fengos S, Lazarou N. A new framework architecture for next generation e-health services. IEEE Journal on Biomedical Health. 2013; 7(1):9–18.
  • Yao W, Chu CH, Li Z. The adoption and implementation of RFID technologies in healthcare: A literature review.Journal on Medical Systems. 2012; 36(6):3507–25.
  • AbuKhousa E, Mohamed N, Al-Jaroodi J. E-health cloud: opportunities and challenges. Journal on Future Internet.2012; 4(4):621–45.
  • de Souza RL, Lung LC, Custodio RF. Multi-factor authentication in key management systems. 12th IEEE International Conference on Trust, Security, and Privacy in Computing and Communication; 2013. p. 746–52.
  • Jones V, Gay V, Leijdekkers P. Body sensor networks for mobile health monitoring: Experience in Europe and Australia. IEEE International Conference on Digital Society; 2010. p. 204–9.
  • Ghani MKA, Bali RK, Naguib RNG, Marshall IM, and Shibghatullah AS. The design of flexible front end framework for accessing patient health records through short message service. Asia-Pacific Conference on Applied Electromagnetic; 2007. p. 1–5.
  • Martí R. Security in a wireless mobile health care system.International Conference on Emerging application for Wireless and Mobile access; 2005.
  • Zhu X, Han S, Huang PC, Mok AK, Chen D. MBStar: A real-time communication protocol for wireless body area networks. 23rd Euromicro Conference on Real-Time System; 2011. p. 57–66.
  • Fernando JI, Dawson LL. The health information system security threat lifecycle: An informatics theory.International Journal on Medical Informatics. 2009; 78(12):815–26.
  • Gagnon MP, Desmartis M, Labrecque M, Car J, Pagliari C, Pluye P, Fremont P, Gagnon J, Tremblay N, Legare F.Systematic review of factors influencing the adoption of information and communication technologies by healthcare professionals. Journal of Medical System. 2012; 36(1):241–77.
  • Shen P, Liu V, Caelli W. A viable and sustainable key management approach for a national e-health environment.International Conference on e-Health Networking, Applications, and Services; 2012. p. 347–52.
  • Johari AW, Latif M. Tank water level monitoring system using GSM network. International Journal of Computer Science and Information Technologies. 2011; 2(3):1114–15.
  • Kamarudin NH, Yussoff YM, Hashim H. IBE_trust authentication for e-health mobile monitoring system.IEEE Computer Applications and Industrial Electronics (ISCAIE), Langkawi Malaysia; 2015. p. 160–4.
  • Kamarudin NH, Yussoff YM, Hashim H. Two-tier e-health monitoring system. WSEAS Applied Computational Science (ACACOS), Kuala Lumpur, Malaysia; 2014.
  • Thiranant N, Hoon JL. A design of security framework for e-health authentication system using QR code. Advanced Science and Technology Letters. 2013; 38:32–5.
  • Chowdhury N, Bhuiyan MDMH, Samiul I. IoT: Detection of keys, controlling machines and wireless sensing via mesh networking through internet. Global Journal of Researches in Engineering. 2013; 13(13):1–9.


  • There are currently no refbacks.

Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 License.