Low complexity smart grid security protocol based on elliptic curve cryptography, biometrics and hamming distance

The incorporation of information and communication technologies in the power grids has greatly enhanced efficiency in the management of demand-responses. In addition, smart grids have seen considerable minimization in energy consumption and enhancement in power supply quality. However, the transmission of control and consumption information over open public communication channels renders the transmitted messages vulnerable to numerous security and privacy violations. Although many authentication and key agreement protocols have been developed to counter these issues, the achievement of ideal security and privacy levels at optimal performance still remains an uphill task. In this paper, we leverage on Hamming distance, elliptic curve cryptography, smart cards and biometrics to develop an authentication protocol. It is formally analyzed using the Burrows-Abadi-Needham (BAN) logic, which shows strong mutual authentication and session key negotiation. Its semantic security analysis demonstrates its robustness under all the assumptions of the Dolev-Yao (DY) and Canetti- Krawczyk (CK) threat models. From the performance perspective, it is shown to incur communication, storage and computation complexities compared with other related state of the art protocols.

Investigating the potential of aggregated mobility indices for inferring public transport ridership changes

Aggregated mobility indices (AMIs) derived from information and communications technologies have recently emerged as a new data source for transport planners, with particular value during periods of major disturbances or when other sources of mobility data are scarce. Particularly, indices estimated on the aggregate user concentration in public transport (PT) hubs based on GPS of smartphones, or the number of PT navigation queries in smartphone applications have been used as proxies for the temporal changes in PT aggregate demand levels. Despite the popularity of these indices, it remains largely untested whether they can provide a reasonable characterisation of actual PT ridership changes. This study aims to address this research gap by investigating the reliability of using AMIs for inferring PT ridership changes by offering the first rigorous benchmarking between them and ridership data derived from smart card validations and tickets. For the comparison, we use monthly and daily ridership data from 12 cities worldwide and two AMIs shared globally by Google and Apple during periods of major change in 2020-22. We also explore the complementary role of AMIs on traditional ridership data. The comparative analysis revealed that the index based on human mobility (Google) exhibited a notable alignment with the trends reported by ridership data and performed better than the one based on PT queries (Apple). Our results differ from previous studies by showing that AMIs performed considerably better for similar periods. This finding highlights the huge relevance of dealing with methodological differences in datasets before comparing. Moreover, we demonstrated that AMIs can also complement data from smart card records when ticketing is missing or of doubtful quality. The outcomes of this study are particularly relevant for cities of developing countries, which usually have limited data to analyse their PT ridership, and AMIs may offer an attractive alternative.

Encouraging gender-inclusive acceptance of multipurpose national-identity smart cards

Purpose

Gender-inclusive adoption of multipurpose national-identity smart cards (MNIS) is important to ensure gender equality, particularly in accessing public services offered by the card e.g. identity verification, healthcare, transit, banking, driving license, passport, etc. The aim is to study the gender differences in terms of the motivation and impediments of adopting MNIS to recommend gender-specific adoption strategies.

Methodology

The research framework is based on the Unified Theory of Acceptance and Use of Technology (UTAUT) with the added constructs of perceived credibility and anxiety. The data was collected through five hundred questionnaires from Malaysia (the MNIS pioneer) and analyzed using structural equation modeling.

Findings

The results show that females have significantly higher perceived credibility while males have significantly higher performance expectancy for MNIS. The correlation between performance expectancy and perceived credibility is significantly stronger among males.

Practical implications

Strategies recommended to policymakers include having social messages related to MNIS utility and convenience in campaigns targeting males while alleviating concerns over security and privacy for campaigns targeting females.

Originality/value

This is the first study that investigated the gender differences in adoption of MNIS by comparing the structural UTAUT models of both genders. The gender differences in MNIS adoption were explained using gender theories.

Travel pattern-based bus trip origin-destination estimation using smart card data

Smart card data are widely used in generating the origin and destination (O–D) matrix for public transit, which contains important information for transportation planning and operation. However, the generation of the O–D matrix is limited by the smart card data information that includes the boarding (origin) information without the alighting (destination) information. To solve this problem, trip chain methods have been proposed, thereby greatly contributing in estimating the destination using the smart card data. Nevertheless, unlinked trips, that is, trips with unknown destinations, are a persisting issue. The purpose of this study is to develop a method for estimating the destination of unlinked trips, in which trip chain methods cannot be applied, using temporal travel patterns and historical boarding records of the passengers based on long-term smart card data. The passengers were clustered by k-means clustering, and the time-of-day travel patterns were estimated for each cluster using a Gaussian mixture model. The travel patterns were formulated to estimate the destination of the passengers from the smart card data. The proposed method was verified using the 2018 smart card data collected in Sejong City, South Korea. The existing trip chain method matched the destinations of 60.0% of the total trips, whereas the proposed method improved the matching to 74.9% by additionally matching the destinations of 37.2% of the unlinked trips.

Evaluating the Inequality of Medical Service Accessibility Using Smart Card Data

The measurement of medical service accessibility is typically based on driving or Euclidean distance. However, in most non-emergency cases, public transport is the travel mode used by the public to access medical services. Yet, there has been little evaluation of the public transport system-based inequality of medical service accessibility. This work uses massive real smart card data (SCD) and an improved potential model to estimate the public transport-based medical service accessibility in Beijing, China. These real SCD data are used to calculate travel costs in terms of time and distance, and medical service accessibility is estimated using an improved potential model. The spatiotemporal variations and patterns of medical service accessibility are explored, and the results show that it is unevenly spatiotemporally distributed across the study area. For example, medical service accessibility in urban areas is higher than that in suburban areas, accessibility during peak periods is higher than that during off-peak periods, and accessibility on weekends is generally higher than that on weekdays. To explore the association of medical service accessibility with socio-economic factors, the relationship between accessibility and house price is investigated via a spatial econometric analysis. The results show that, at a global level, house price is positively correlated with medical service accessibility. In particular, the medical service accessibility of a higher-priced spatial housing unit is lower than that of its neighboring spatial units, owing to the positive spatial spillover effect of house price. This work sheds new light on the inequality of medical service accessibility from the perspective of public transport, which may benefit urban policymakers and planners.

Do Targeted User Fee Exemptions Reach the Ultra-Poor and Increase their Healthcare Utilisation? A Panel Study from Burkina Faso

Background: A component of the performance-based financing intervention implemented in Burkina Faso was to provide free access to healthcare via the distribution of user fee exemption cards to previously identified ultra-poor. This study examines the factors that led to the receipt of user fee exemption cards, and the effect of card possession on the utilisation of healthcare services. Methods: A panel data set of 1652 randomly selected ultra-poor individuals was used. Logistic regression was applied on the end line data to identify factors associated with the receipt of user fee exemption cards. Random-effects modelling was applied to the panel data to determine the effect of the card possession on healthcare service utilisation among those who reported an illness six months before the surveys. Results: Out of the ultra-poor surveyed in 2017, 75.51% received exemption cards. Basic literacy (p = 0.03), living within 5 km from a healthcare centre (p = 0.02) and being resident in Diébougou or Gourcy (p = 0.00) were positively associated with card possession. Card possession did not increase health service utilisation (β = −0.07; 95% CI = −0.45; 0.32; p = 0.73). Conclusion: A better intervention design and implementation is required. Complementing demand-side strategies could guide the ultra-poor in overcoming all barriers to healthcare access.

Patient Identification Techniques - Approaches, Implications, and Findings

OBJECTIVES

To identify current patient identification techniques and approaches used worldwide in today's healthcare environment. To identify challenges associated with improper patient identification.

METHODS

A literature review of relevant peer-reviewed and grey literature published from January 2015 to October 2019 was conducted to inform the paper. The focus was on: 1) patient identification techniques and 2) unintended consequences and ramifications of unresolved patient identification issues.

RESULTS

The literature review showed six common patient identification techniques implemented worldwide ranging from unique patient identifiers, algorithmic approaches, referential matching software, biometrics, radio frequency identification device (RFID) systems, and hybrid models. The review revealed three themes associated with unresolved patient identification: 1) treatment, care delivery, and patient safety errors, 2) cost and resource considerations, and 3) data sharing and interoperability challenges.

CONCLUSIONS

Errors in patient identification have implications for patient care and safety, payment, as well as data sharing and interoperability. Different patient identification techniques ranging from unique patient identifiers and algorithms to hybrid models have been implemented worldwide. However, no current patient identification techniques have resulted in a 100% match rate. Optimizing algorithmic matching through data standardization and referential matching software should be studied further to identify opportunities to enhance patient identification techniques and approaches. Further efforts to improve patient identity management include adoption of patients' photos at registration, naming conventions, and standardized processes for recording patients' demographic data attributes.

"You Need ID to Get ID": A Scoping Review of Personal Identification as a Barrier to and Facilitator of the Social Determinants of Health in North America

Personal identification (PID) is an important, if often overlooked, barrier to accessing the social determinants of health for many marginalized people in society. A scoping review was undertaken to explore the range of research addressing the role of PID in the social determinants of health in North America, barriers to acquiring and maintaining PID, and to identify gaps in the existing research. A systematic search of academic and gray literature was performed, and a thematic analysis of the included studies (n = 31) was conducted. The themes identified were: (1) gaining and retaining identification, (2) access to health and social services, and (3) facilitating identification programs. The findings suggest a paucity of research on PID services and the role of PID in the social determinants of health. We contend that research is urgently required to build a more robust understanding of existing PID service models, particularly in rural contexts, as well as on barriers to accessing and maintaining PID, especially among the most marginalized groups in society.

An efficient dynamic ID-based remote user authentication scheme using self-certified public keys for multi-server environments

Recently, Li et al. proposed a novel smart card and dynamic ID-based remote user authentication scheme for multi-server environments. They claimed that their scheme can resist several types of attacks. However, through careful analysis, we find that Li et al.’s scheme is vulnerable to stolen smart card and off-line dictionary attacks, replay attacks, impersonation attacks and server spoofing attacks. By analyzing other similar schemes, we find that a certain type of dynamic ID-based multi-server authentication scheme in which only hash functions are used and whereby no registration center participates in the authentication and session key agreement phase faces difficulties in providing perfectly efficient and secure authentication. To compensate for these shortcomings, we propose a novel dynamic ID-based remote user authentication scheme for multi-server environments based on pairing and self-certified public keys. Security and performance analyses show that the proposed scheme is secure against various attacks and has many excellent features.

Privacy-Preserving and Efficient Truly Three-Factor Authentication Scheme for Telecare Medical Information Systems

Significant development of information technologies has made Telecare Medical Information Systems (TMISs) increasingly popular. In a TMIS, patients upload their medical data through smart devices to obtain a doctor's diagnosis. However, these smart devices have limited computing and storage capacities, so it is difficult to store substantial patient information and to support time-consuming operations. Moreover, although many three-factor authentication protocols have been proposed for TMISs, the problems of privacy leaks and other security flaws are serious. In addition, authentication factors are verified at the user side in most protocols, giving users a high level of trust and resulting in a potential lack of security. In this paper, we propose a novel efficient truly three-factor authentication protocol for TMISs. In our proposed protocol, three factors (i.e., password, smart card and biometrics) are verified at the server side, which reduces the storage and computational burden of the user side. Additionally, our proposed protocol uses only lightweight operators and is thus efficient. A formal proof analysis demonstrates that our proposed protocol is provably secure in the random oracle model. The performance evaluation shows that the proposed protocol is very efficient and suitable for TMISs.

Enhanced smartcard-based password-authenticated key agreement using extended chaotic maps

A smartcard based password-authenticated key agreement scheme enables a legal user to log in to a remote authentication server and access remote services through public networks using a weak password and a smart card. Lin recently presented an improved chaotic maps-based password-authenticated key agreement scheme that used smartcards to eliminate the weaknesses of the scheme of Guo and Chang, which does not provide strong user anonymity and violates session key security. However, the improved scheme of Lin does not exhibit the freshness property and the validity of messages so it still fails to withstand denial-of-service and privileged-insider attacks. Additionally, a single malicious participant can predetermine the session key such that the improved scheme does not exhibit the contributory property of key agreements. This investigation discusses these weaknesses and proposes an enhanced smartcard-based password-authenticated key agreement scheme that utilizes extended chaotic maps. The session security of this enhanced scheme is based on the extended chaotic map-based Diffie-Hellman problem, and is proven in the real-or-random and the sequence of games models. Moreover, the enhanced scheme ensures the freshness of communicating messages by appending timestamps, and thereby avoids the weaknesses in previous schemes.

Photo Identification on a Medical-Surgical Unit Improves Communication Resulting in Positive Patient Outcomes

Creating an environment that allows for ease of communication is imperative to meet the demands of health care that is focused on quality, safety, and outcomes. As a way to improve the communication between and identification of nursing staff by the interprofessional team, a process was created to aide in timely identification and communication between health care members. Enhanced communication can result in an increase in Hospital Consumer Assessment of Healthcare Providers and Systems (HCAHPS) scores for patient satisfaction in responsiveness, communication with nurses, and bathroom help.

Spanish Pacemaker Registry. Twelfth Official Report of the Spanish Society of Cardiology Working Group on Cardiac Pacing (2014)

INTRODUCTION AND OBJECTIVES

This report describes the results of the analysis of pacemaker implant and replacement data submitted to the Spanish Pacemaker Registry in 2014, with special reference to pacing mode selection.

METHODS

The report is based on the processing of information provided by the European Pacemaker Patient Identification Card.

RESULTS

Information was received from 117 hospitals, with a total of 12 358 cards, representing 34% of estimated activity. Use of conventional generators and resynchronization devices was 784 and 64.4 units per million population, respectively. The mean age of patients receiving an implant was 77.3 years. Men received 59% of implants and 56.4% of replacements. Most patients receiving generator implants and replacements were in the age range 80 to 89 years. Most endocardial leads used were bipolar, and 84.2% had an active fixation system. Pacing was in VVI/R mode despite being in sinus rhythm in 24.7% of patients with sick sinus syndrome and 24% of those with atrioventricular block.

CONCLUSIONS

The use of pacemaker generators and resynchronization devices per million population continued to increase. Most implanted leads had active fixation and approximately 20% had magnetic resonance imaging protection. Age and sex directly influenced pacing mode selection, which could have been improved in more than 20% of cases.

[Personal e-cards for military personnel and military-medical information system]

The article presents main directions of activities of the medical service, dealing with implementation of personal electronic cards for military personnel, organizing the process of automation of medical service management, military and medical organizations and health care departments. The given article, reveals the on-going activity, concerning creation of the military-medical information system, which will unite all medical units, organizations, and governments into one information space.

Robust biometrics based authentication and key agreement scheme for multi-server environments using smart cards

Biometrics authenticated schemes using smart cards have attracted much attention in multi-server environments. Several schemes of this type where proposed in the past. However, many of them were found to have some design flaws. This paper concentrates on the security weaknesses of the three-factor authentication scheme by Mishra et al. After careful analysis, we find their scheme does not really resist replay attack while failing to provide an efficient password change phase. We further propose an improvement of Mishra et al.'s scheme with the purpose of preventing the security threats of their scheme. We demonstrate the proposed scheme is given to strong authentication against several attacks including attacks shown in the original scheme. In addition, we compare the performance and functionality with other multi-server authenticated key schemes.

Efficient and anonymous two-factor user authentication in wireless sensor networks: achieving user anonymity with lightweight sensor computation

A smart-card-based user authentication scheme for wireless sensor networks (hereafter referred to as a SCA-WSN scheme) is designed to ensure that only users who possess both a smart card and the corresponding password are allowed to gain access to sensor data and their transmissions. Despite many research efforts in recent years, it remains a challenging task to design an efficient SCA-WSN scheme that achieves user anonymity. The majority of published SCA-WSN schemes use only lightweight cryptographic techniques (rather than public-key cryptographic techniques) for the sake of efficiency, and have been demonstrated to suffer from the inability to provide user anonymity. Some schemes employ elliptic curve cryptography for better security but require sensors with strict resource constraints to perform computationally expensive scalar-point multiplications; despite the increased computational requirements, these schemes do not provide user anonymity. In this paper, we present a new SCA-WSN scheme that not only achieves user anonymity but also is efficient in terms of the computation loads for sensors. Our scheme employs elliptic curve cryptography but restricts its use only to anonymous user-to-gateway authentication, thereby allowing sensors to perform only lightweight cryptographic operations. Our scheme also enjoys provable security in a formal model extended from the widely accepted Bellare-Pointcheval-Rogaway (2000) model to capture the user anonymity property and various SCA-WSN specific attacks (e.g., stolen smart card attacks, node capture attacks, privileged insider attacks, and stolen verifier attacks).

An improved and effective secure password-based authentication and key agreement scheme using smart cards for the telecare medicine information system

Recently Lee and Liu proposed an efficient password based authentication and key agreement scheme using smart card for the telecare medicine information system [J. Med. Syst. (2013) 37:9933]. In this paper, we show that though their scheme is efficient, their scheme still has two security weaknesses such as (1) it has design flaws in authentication phase and (2) it has design flaws in password change phase. In order to withstand these flaws found in Lee-Liu's scheme, we propose an improvement of their scheme. Our improved scheme keeps also the original merits of Lee-Liu's scheme. We show that our scheme is efficient as compared to Lee-Liu's scheme. Further, through the security analysis, we show that our scheme is secure against possible known attacks. In addition, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool to show that our scheme is secure against passive and active attacks.