Health monitoring systems play a pivotal role in modern day healthcare. People nowadays opt for remote health monitoring services. Typical health monitoring systems use a compact device like a mobile phone to extract the data from the sensors and send them to the server. Research has shown that the health data or Electronic Health Records (EHR) are vulnerable to interception. This is due to the fact that the use of mobile devices to facilitate the transfer of the data to the server affects the security by limiting the implementation of encryption algorithms. Our system consists of a Raspberry Pi which records health data like the heartbeat and pulse rate of a patient and sends them to the server which will be monitored by the doctor. The system consists of a server side which enables the doctor to generate the EHR (Electronic Health Record) of a patient. In order to enhance the security of the system, we have implemented a password authentication key exchange mechanism based on zero knowledge password proof. Unlike normal authentication mechanisms, Zero Knowledge proof does not exchange the device credentials in order to authenticate. Instead, in a system using Zero knowledge proof, a prover proves to the verifier that it is in possession of a secret, without actually revealing what the secret is. An analysis of this protocol has also been done by simulating various security attacks like replay attack and phishing, thereby testing its resilience against such threats.
Rajesh Kannan Megalingam, KS, S., and Kumar, V. Mahesh, “A Secured Healthcare Platform for Remote Health Monitoring Services”, 2015.