Securing the Communication of Medical Information Using Local Biometric Authentication and Commercial Wireless Links

Medical information is extremely sensitive in nature – a compromise, such as eavesdropping or tampering by a malicious third party, may result in identity theft, incorrect diagnosis and treatment, and even death. Therefore, it is important to secure the transfer of the medical information from its source, i.e., the patient, to the system that collects and records it or its technology adoption will face a strong resistance from the users. We consider the scenario where a patient has a portable, wireless medical device that transfers the medical information to a remote server. We decompose this problem into two sub-problems and propose security solutions to each of them: (a) to secure the link between the patient and the portable device, and (b) to secure the link between the portable device and the network. Thus, we push the limits of the network security to the cutting edge: authenticating the user using their biometric information, authenticating the device to the network at the physical layer, and strengthening the security of the wireless link with a key exchange mechanism. The proposed authentication methods can be used for recording the readings of medical data in a central database and for accessing medical records.