Evaluation of an Infrared/Radiofrequency Equipment-Tracking System in a Tertiary Care Hospital
Journal of Medical Systems
RFID Application in Hospitals: A Case Study on a Demonstration RFID Project in a Taiwan Hospital
HICSS '06 Proceedings of the 39th Annual Hawaii International Conference on System Sciences - Volume 08
A New Method to Guard Inpatient Medication Safety by the Implementation of RFID
Journal of Medical Systems
PRESENT: An Ultra-Lightweight Block Cipher
CHES '07 Proceedings of the 9th international workshop on Cryptographic Hardware and Embedded Systems
Design of an RFID-based Healthcare Management System using an Information System Design Theory
Information Systems Frontiers
A RFID Grouping Proof Protocol for Medication Safety of Inpatient
Journal of Medical Systems
Cryptanalysis of a New Ultralightweight RFID Authentication Protocol—SASI
IEEE Transactions on Dependable and Secure Computing
Journal of Medical Systems
Two RFID-based Solutions to Enhance Inpatient Medication Safety
Journal of Medical Systems
Fuzzy Logic-Based Approach to Detecting a Passive RFID Tag in an Outpatient Clinic
Journal of Medical Systems
Journal of Medical Systems
A case against currently used hash functions in RFID protocols
OTM'06 Proceedings of the 2006 international conference on On the Move to Meaningful Internet Systems: AWeSOMe, CAMS, COMINF, IS, KSinBIT, MIOS-CIAO, MONET - Volume Part I
Patient Safety Through RFID: Vulnerabilities in Recently Proposed Grouping Protocols
Journal of Medical Systems
DPM'11 Proceedings of the 6th international conference, and 4th international conference on Data Privacy Management and Autonomous Spontaneus Security
A Design of Tamper Resistant Prescription RFID Access Control System
Journal of Medical Systems
Two RFID Standard-based Security Protocols for Healthcare Environments
Journal of Medical Systems
Hi-index | 0.00 |
Recently, Chen et al. have proposed a novel tamper resistant prescription RFID access control system, published in the Journal of Medical Systems. In this paper we consider the security of the proposed protocol and identify some existing weaknesses. The main attack is a reader impersonation attack which allows an active adversary to impersonate a legitimate doctor, e.g. the patient's doctor, to access the patient's tag and change the patient prescription. The presented attack is quite efficient. To impersonate a doctor, the adversary should eavesdrop one session between the doctor and the patient's tag and then she can impersonate the doctor with the success probability of `1'. In addition, we present efficient reader-tag to back-end database impersonation, de-synchronization and traceability attacks against the protocol. Finally, we propose an improved version of protocol which is more efficient compared to the original protocol while provides the desired security against the presented attacks.