Best paper award at the HICSS-54 2021 conference for Imrana Abdullahi Yari
At the 54th Edition of the Hawaii International Conference on Systems Sciences (HICSS-54), January 4-8, 2021, Hawaii, USA, Imrana Abdullahi Yari’s paper was awarded the Best Paper Award in the IT in Health Care track out of 1448 papers submitted to HICSS-54 (https://hicss.hawaii.edu/best-papers/). He presented his work entitled: “Online at Will: A Novel Protocol for Mutual Authentication in Peer-to-Peer Networks for Patient-Centered Health Care Information Systems.” This work was done in collaboration with Dr. Tobias Dehling and Prof.Dr. Ali Sunyaev of Karlsruhe Institute of Technology and Dr.-ing. Felix Kluge and Prof.Dr. Bjoern Eskofier of FAU.
In this paper, they propose a novel, simple, and secure mutual authentication protocol that supports offline access, leverages independent and stateless encryption services and enables patients and medical professionals to establish secure connections when using patient-centered health care information systems (PHSs) on peer-to-peer (P2P) networks–e.g., decentralized personal health records or interoperable Covid-19 proximity trackers. Nowadays, these systems are increasingly becoming more relevant due to their enormous advantages; however, they introduce new security and privacy challenges that could effectively impede the attainment of PHS goals.
The proposed protocol includes a secure virtual smart card (software-based) feature to ease integration of authentication features of emerging national health-IT infrastructures. It can also be used for user-to-user authentication in the case of interoperable Covid-19 contact tracing apps to share exposure notifications and interventions and help to fight against the pandemic.
The security evaluation shows that the protocol resists most online and offline threats while exhibiting performance comparable to traditional, albeit less secure, password-based authentication methods. The protocol serves as foundation for the design and implementation of P2P PHSs that will make use of P2P PHSs more secure and trustworthy. The research can help health care information system developers and providers to better understand the concepts and processes required for instantiating authentication protocols that resist most offline and online threats.
In the future, they aim to simplify and upgrade the protocol to support key rotation in a situation where an attacker compromises both the PHS and the cryptographic module, add other safety-related requirements like emergency access or guardian support, and limit password validation request to address password guessing attacks.
Download a copy (https://scholarspace.manoa.hawaii.edu/handle/10125/71079)