Is a security service where receiver ensures that message is received from authorized?

In present day scenario security of the system is the sole priority of any organisation. The main aim of any organisation is to protect their data from attackers. In cryptography, attacks are of two types such as Passive attacks and Active attacks. 

Passive attacks are those that retrieve information from the system without affecting the system resources while active attacks are those that retrieve system information and make changes to the system resources and their operations. 

The Principles of Security can be classified as follows: 

1. Confidentiality: 
   The degree of confidentiality determines the secrecy of the information. The principle specifies that only the sender and receiver will be able to access the information shared between them. Confidentiality compromises if an unauthorized person is able to access a message. 

   For example, let us consider sender A wants to share some confidential information with receiver B and the information gets intercepted by the attacker C. Now the confidential information is in the hands of an intruder C. 

   Data on the network is analogous to possessions of a person. It has to be kept secure from others with malicious intent. This intent ranges from bringing down servers on the network to using people's private information like credit card numbers to sabotage of major organizations with a presence on a network. To secure data, one has to ensure that it makes sense only to those for whom it is meant. This is the case for data transactions where we want to prevent eavesdroppers from listening to and stealing data. Other aspects of security involve protecting user data on a computer by providing password restricted access to the data and maybe some resources so that only authorized people get to use these,  and identifying miscreants and thwarting their attempts to cause damage to the network among other things.

   1. Authentication: We have to check that the person who has requested for something or has sent an e-mail is indeed allowed to do so. In this process we will also look at how the person authenticates his identity to a remote machine.
   2. Integrity: We have to check that the message which we have received is indeed the message which was sent. Here CRC will not be enough because somebody may deliberately change the data. Nobody along the route should be able to change the data.
   3. Confidentiality: Nobody should be able to read the data on the way so we need Encryption
   4. Non-repudiation: Once we sent a message, there should be no way that we can deny sending it and we have to accept that we had sent it.
   5. Authorization: This refers to the kind of service which is allowed for a particular client. Even though a user is authenticated we may decide not to authorize him to use a particular service.
   For authentication, if two persons know a secret then we just need to prove that no third person could have generated the message. But for Non-repudiation we need to prove that even the sender could not have generated the message. So authentication is easier than Non-repudiation. To ensure all this, we take the help of cryptography. We can have two kinds of encryption :
   1. Symmetric Key Encryption: There is a single key which is shared between the two users and the same key is used for encrypting and decrypting the message.
   2. Public Key Encryption: There are two keys with each user : a public key and a private key. The public key of a user is known to all but the private key is not known to anyone except the owner of the key. If a user encrypts a message in his private key then it can be decrypted by anyone by using the sender's public key. To send a message securely, we encrypt the message in the public key of the receiver which can only be decrypted by the user with his private key.

   Symmetric key encryption is much faster and efficient in terms of performance. But it does not give us Non-repudiation. And there is a problem of how do the two sides agree on the key to be used assuming that the channel is insecure ( others may snoop on our packet ). In symmetric key exchange, we need some amount of public key encryption for authentication. However, in public key encryption, we can send the public key in plain text and so key exchange is trivial. But this does not authenticate anybody. So along with the public key, there needs to be a certificate. Hence we would need a public key infrastructure to distribute such certificates in the world.

   Data authenticity is different from data confidentiality. In confidential data transmission, the data is encrypted before transmission and therefore only the intended recipient will be able to recover the data. Confidential data may be accompanied by a Message Integrity Code, but it is not required. The intended recipient of confidential data with no MIC is confident that the data has not been recovered by an intruder, but the data may have been changed in transit. On the other hand, data can be transmitted unencrypted but accompanied with a MIC. In this case, the data is not confidential, but its authenticity can be verified.

   The MIC is also referred to as Message Authentication Code (MAC) or authentication tag. The ZigBee and IEEE 802.15.4 standard documents use MIC instead of MAC to avoid confusion with the Message Authentication Code (MAC) and the Medium Access Control (MAC). The MIC in ZigBee is generated using the enhanced Counter with Cipher Block Chaining Message Authentication Code (CCM*) protocol. The CCM* is defined to be used in conjunction with 128-bit AES and shares the same security key with AES.

   Figure 3.54 shows the role of AES-CCM* in data authentication and confidentiality. On the transmitter side, the plaintext in the form of 128-bit blocks of data enters the AES-CCM*. The responsibility of the AES-CCM* is to encrypt the data and generate an associated MIC, which is sent to the receiver along with the frame. The receiver uses the AES-CCM* to decrypt the data and generate its own MIC from the received frame to be compared with the received MIC. The CCM* is referred to as a generic mode of operation that combines the encryption and data authentication. The CCM* offers encryption-only and integrity-only capabilities.

   

   Figure 3.54. Application of the Message Integrity Code (MIC) in Data Authentication

   In Figure 3.54, there are three inputs to the AES-CCM*: the data itself, the security key, and the nonce. The nonce is a 13-octet string constructed using the security control, the frame counter, and the source address fields of auxiliary header. The auxiliary header fields and the CCM* nonce are shown in Figure 3.55. The AES-CCM* uses the nonce as part of its algorithm. The value of the nonce is never the same for two different messages using the same security key, because the frame counter is incremented every time a new frame is transmitted. The use of the nonce ensures freshness of the received frame. The motivation to use the nonce is that an intruder, without the security key, is capable of receiving a secured message and simply resending the exact message after a period of time. This retransmitted message will have all the correct security features of a valid message, but the frame counter will indicate that the frame was received previously. In this way, the frame counter helps identify and prevent processing of duplicate frames. This is referred to as checking the frame freshness. If the intruding device changes the frame counter associated with the frame before retransmitting the frame, the receiver device will notice this unauthorized modification when it compares the calculated and received MICs (Figure 3.54).

   

   Figure 3.55. The Auxiliary Header Format and the CCM* Nonce

   The Cyclic Redundancy Check (CRC), discussed in Section 3.3.5.1.1, helps identify any error in a received frame. The CRC is designed to detect only the accidental error in the received data, and the CRC can be reproduced by any intruder. A MIC provides stronger assurance of authenticity compared to the CRC. The MIC generated by the CCM* detects intentional and unauthorized modifications of the data as well as accidental errors.

   Read moreNavigate Down

   View chapterPurchase book

   Read full chapter

   URL: https://www.sciencedirect.com/science/article/pii/B9780750683937000030

   Introduction

   Zhe-Ming Lu, Shi-Ze Guo, in Lossless Information Hiding in Images, 2017

   1.4.2 Fragile Image Watermarking

   1.4.2.1 Background

   Digital watermarking has been also proposed as a possible solution for data authentication and tamper detection. The invisible authenticator, sensitive watermark, is inserted using the visual redundancy of human visual system (HVS), and is altered or destroyed when the cover image is modified by various linear or nonlinear transformations. The changes of authentication watermark can be used to determine the modification of the marked image, even locate the tampered area. Because the watermark is embedded in the content of image, it can exert its efficiency in the whole lifecycle.

   1.4.2.2 Classification

   The authentication watermark can be classified into fragile watermark and semifragile watermark according to its fragility and sensitivity. The fragile watermark is very sensitive and designed to detect every possible change in marked image; so it fits to verify the integrity of data and is viewed as an alternative verification solution to a standard digital signature scheme. However, in most multimedia applications, minor data modifications are acceptable as long as the content is authentic, so the semifragile watermark is developed and widely used in content verifying. Semifragile watermark is robust for acceptable content-preserving manipulations (compression, enhancement, etc.) whereas fragile watermark is robust for malicious distortions such as feature adding or removal. Therefore it is suitable to verify the trustworthiness of data.

   1.4.2.3 Requirements

   A watermarking-based authentication system can be considered as effective if it satisfies the following requirements:

   1.

   Invisibility: The embedded watermark is invisible. It is the basic requirement of keeping the commercial quality of watermarked images. The watermarked image must be perceptually identical to the original one under normal observation.

   2.

   Tampering detection: An authentication watermarking system should detect any tampering in a watermarked image. This is the most fundamental property to reliably test image's authenticity.

   3.

   Security: The embedded watermark cannot be forged or manipulated. In such systems the marking key is private, the marking key should be difficult to deduce from the detection information, and the insertion of a mark by unauthorized parties should be difficult.

   4.

   Identification of manipulated area: The authentication watermark should be able to detect the location of altered areas and verify other areas as authentic. The detector should also be able to estimate what kind of modification had occurred.

   1.4.2.4 Watermarking-Based Authentication System

   The process of digital watermarking–based authentication is similar to any watermarking system; it is composed of two parts: the embedding of authentication watermark and the extraction and verification of authentication watermark.

   1.4.2.4.1 Authentication Watermark Embedding

   The general description of watermark embedding is:

   (1.16)c′=E(c,a,w,Kpr)

   where E(.) is the watermark embedding operator; c and c′ are image pixels or coefficients before and after watermark embedding; w is the embedded watermark sample, which is generated by the pseudorandom sequence generator or chaotic sequence; and a is a tuning parameter determining the strength of the watermark to ensure the invisibility. It can be a constant or a JND function proposed by HVS [17]. Kpr is the private key that controls the generation of watermark sequence or selects the location for embedding.

   1.4.2.4.2 Authentication Watermark Extraction and Verification

   The general description of watermark extraction is:

   (1.17)w′=D(I1,Kpu)

   where D(.) is the watermark extraction operator, I1 is the questionable marked image, and Kpu is the public key corresponding to Kpr [18]. If the Hamming distance between the extracted and original watermarks is less than a predefined threshold, the modification of marked image is acceptable and the image's content is authentic, or the marked image is unauthentic. The tampered area can be located by the differences between the extracted and original watermarks: the watermark differences of the tampered image are most likely concentrated in a particular area, whereas the differences caused by incidental manipulation such as compression are sparse and widely spread over the entire image. So the tampered area can be determined.

   1.4.2.5 Overview of Techniques

   Many early authenticating watermarking systems embed the mark in the spatial domain of an image. Some watermark schemes can easily detect random changes to an image but fail to detect tampered area. An example is the fragile mark embedded in the least significant bit (LSB) plane of an image [19].

   The later authentication watermark schemes are developed in transform domains, such as DCT and wavelet domains. The properties of a transform can be used to characterize how the image has been damaged, and the choice of watermark embedding locations enables us to flexibly adjust the sensitivity of the authentication watermark. For example, if one is only interested in determining whether an image has been tampered with, one could use a special type of signal that can be easily destroyed by slight. modifications, e.g., an encrypted JPEG compressed image file. On the other hand, if one is interested in determining which part of an image has been altered, one should embed the watermark in each DCT block or wavelet detail subband, to find out which part has been modified. Some authentication watermark schemes are developed from the spread spectrum-based robust watermarking algorithms [20,21]. The semifragile watermarks are attached on the middle-low DCT coefficients or the wavelet low-resolution detail subbands as additive white Gaussian noise. At detector, the correlation value between the original watermark sequence and the extracted watermark or marked image is used to determine the authenticity of the test image. Because the influence on middle-low frequency coefficients of incidental manipulations such as compression is small, whereas that of tampering is significant, the algorithms can detect whether the images are tampered or not, but cannot locate the tampered area.

   Considering the authentication watermark is sensitive to noise, the quantization technique is widely used in the authentication schemes. As a result, the effect of the noise created by the cover image is concealed. Kundur [22,23] proposed a semifragile watermarking authentication scheme based on the wavelet transform. The image is decomposed using the Haar wavelets. Both the embedding and extraction processes of authentication watermark depend on the quantization process of secret key selected wavelet transform coefficients. The spatial frequency property of wavelet transform helps to locate and characterize the tampered area. Yu et al. [24] developed Kundur's schemes, and modeled the probabilities of watermark errors caused by malicious tampering and incidental distortion as Gaussian distributions with large and small variances, respectively, and computed the best number of coefficients needed to embed watermark at each scale such that the trade-off between robustness and fragility is optimized, so the scheme can detect maliciously tampered areas while tolerating some incidental distortions.

   Read moreNavigate Down

   View chapterPurchase book

   Read full chapter

   URL: https://www.sciencedirect.com/science/article/pii/B9780128120064000012

   Virtual Private Networks and Remote Access

   Eric Knipp, ... Edgar DanielyanTechnical Editor, in Managing Cisco Network Security (Second Edition), 2002

   Encapsulating Security Payload

   ESP is an important IPSec security protocol that provides data encryption, data authentication, and optional anti-replay services. ESP can be used on its own or with AH packet authentication. ESP encapsulates the data that is to be protected and can be deployed in either transport or tunnel mode. ESP is defined in RFC 2406 and uses IP Protocol number 50.

   Transport mode provides protection for upper layer protocols, but not for the IP header. This means that the ESP is inserted after the IP header and before an upper-layer protocol or any other IPSec header. With IPv4, this means the ESP is placed after the IP header (and any options that it contains), and before the upper layer protocol. This makes ESP and AH compatible with non-IPSec-compliant routers.

   Tunnel mode ESP may be employed in either hosts or security gateways. In tunnel mode, the “inner” IP header carries the ultimate source and destination addresses, while an “outer” IP header may contain distinct IP addresses (of security gateways, for example). In tunnel mode, ESP protects the entire inner IP packet, including the entire inner IP header. The position of ESP in tunnel mode relative to the outer IP header, is the same as for ESP in transport mode.

   In order to use NAT, you need to configure static NAT translations. This is due to AH being incompatible with NAT because NAT changes the source IP address. This, in turn, will break the AH header and cause the packets to be rejected by the IPSec peer or peers.

   Read moreNavigate Down

   View chapterPurchase book

   Read full chapter

   URL: https://www.sciencedirect.com/science/article/pii/B978193183656250012X

   Security component fundamentals for assessment

   Leighton Johnson, in Security Controls Evaluation, Testing, and Assessment Handbook (Second Edition), 2020

   IPsec Fundamentals

   Authentication header (AH)

   AH, one of the IPSec security protocols, provides integrity protection for packet headers and data, as well as user authentication. It can optionally provide replay protection and access protection. AH cannot encrypt any portion of packets.

   AH modes

   AH has two modes: transport and tunnel. In tunnel mode, AH creates a new IP header for each packet; in transport mode, AH does not create a new IP header. In IPSec architectures that use a gateway, the true source or destination IP address for packets must be altered to be the gateway's IP address. Because transport mode cannot alter the original IP header or create a new IP header, transport mode is generally used in host-to-host architectures.

   Encapsulating security payload (ESP)

   ESP is the second core IPSec security protocol. In the initial version of IPSec, ESP provided only encryption for packet payload data. Integrity protection was provided by the AH protocol if needed. In the second version of IPSec, ESP became more flexible. It can perform authentication to provide integrity protection, although not for the outermost IP header. Also, ESP's encryption can be disabled through the Null ESP Encryption Algorithm. Therefore, in all but the oldest IPSec implementations, ESP can be used to provide only encryption; encryption and integrity protection; or only integrity protection.

   ESP has two modes: transport and tunnel. In tunnel mode, ESP creates a new IP header for each packet. The new IP header lists the endpoints of the ESP tunnel (such as two IPSec gateways) as the source and destination of the packet. Because of this, tunnel mode can be used with all three VPN architecture models.

   Internet Key Exchange (IKE)

   The purpose of the Internet Key Exchange (IKE) protocol is to negotiate, create, and manage security associations. Security association (SA) is a generic term for a set of values that define the IPSec features and protections applied to a connection. SAs can also be manually created, using values agreed upon in advance by both parties, but these SAs cannot be updated; this method does not scale for real-life large-scale VPNs. IKE uses five different types of exchanges to create security associations, transfer status and error information, and define new Diffie–Hellman groups. In IPSec, IKE is used to provide a secure mechanism for establishing IPsec-protected connections.

   IP Payload Compression Protocol (IPComp)

   In communications, it is often desirable to perform lossless compression on data—to repackage information in a smaller format without losing any of its meaning. The IP Payload Compression Protocol (IPComp) is often used with IPSec. By applying IPComp to a payload first, then encrypting the packet through ESP, effective compression can be achieved.

   IPComp can be configured to provide compression for IPSec traffic going in one direction only (e.g., compress packets from endpoint A to endpoint B, but not from endpoint B to endpoint A) or in both directions. Also, IPComp allows administrators to choose from multiple compression algorithms, including DEFLATE and LZS.49 IPComp provides a simple yet flexible solution for compressing IPSec payloads.

   IPComp can provide lossless compression for IPSec payloads. Because applying compression algorithms to certain types of payloads may actually make them larger, IPComp only compresses the payload if it will actually make the packet smaller.

   IPSec uses IKE to create security associations, which are sets of values that define the security of IPsec-protected connections. IKE phase 1 creates an IKE SA; IKE phase 2 creates an IPSec SA through a channel protected by the IKE SA. IKE phase 1 has two modes: main mode and aggressive mode. Main mode negotiates the establishment of the bidirectional IKE SA through three pairs of messages, while aggressive mode uses only three messages. Although aggressive mode is faster, it is also less flexible and secure. IKE phase 2 has one mode: quick mode. Quick mode uses three messages to establish a pair of unidirectional IPSec SAs. Quick mode communications are encrypted by the method specified in the IKE SA created by phase 1.

   Read moreNavigate Down

   View chapterPurchase book

   Read full chapter

   URL: https://www.sciencedirect.com/science/article/pii/B9780128184271000112

   Security in Wireless Systems

   Vijay K. Garg, in Wireless Communications & Networking, 2007

   13.3 Required Features for a Secured Wireless Communications System

   For wireless communications to be secure the following features must be available [8–12]:

   •

   User authentication proves that the users are who they claim to be.

   •

   Data authentication consists of data integrity and data origin authentication. With data integrity the recipient can be sure that the data has not changed. Data origin authentication proves to the recipient that the stated sender has originated the data.

   •

   Data confidentiality means the data is encrypted so that it is not disclosed while in transit.

   •

   Non-repudiation corresponds to a security service against denial by either party of creating or acknowledging a message.

   •

   Authorization is the ability to determine whether an authenticated entity has the permission to execute an action.

   •

   Audit is a history of events that can be used to determine whether anything has gone wrong and, if so, what it was, when it went wrong, and what caused it.

   •

   Access control enables only authorized entities to access resources.

   •

   Availability ensures that resources or communications are not prevented from access or transmission by malicious entities.

   •

   Defense against denial of service is the attack corresponding to the security service of availability.

   Read moreNavigate Down

   View chapterPurchase book

   Read full chapter

   URL: https://www.sciencedirect.com/science/article/pii/B9780123735805500478

   The Blockchain Technology for Secure and Smart Applications across Industry Verticals

   Shubhani Aggarwal, Neeraj Kumar, in Advances in Computers, 2021

   2.2 Future transportation system with blockchain

   With the help of blockchain technology, there is no involvement of third-party authenticator. So, there is no single point of failure in the system. This technology is used for data authentication where the whole network can contribute and validate data, which makes the system tamper-proof and transparent.

   Fig. 2 shows if blockchain is implemented and shared by all entities then, it eliminates redundancy by having a single source of truth. In this context, a new platform called blockchain in transport alliance (BiTA) is working for applying blockchain technology to solve the problems of an the transportation system. This platform has been used for creating a decentralized framework to activate the development of blockchain applications for logistics management, asset tracking, transaction processing, and more.

   

   Fig. 2. Future transportation system with blockchain.

   Read moreNavigate Down

   View chapterPurchase book

   Read full chapter

   URL: https://www.sciencedirect.com/science/article/pii/S0065245820300772

   Computer Networks

   Jordanka Ivanova, Michael Jurczyk, in Encyclopedia of Physical Science and Technology (Third Edition), 2003

   VII.A Security Services

   Security services are intended to protect a system from security attacks, to prevent attacks, or both by utilizing different security mechanisms. User authentication is the process of verifying the identity of a user. In the case of a user-to-user communication, both users have to be checked. Traditionally, in the client–server domain, the authentication is focused on the client side, since the system should be protected from users and not vice versa. However, for some applications such as e-commerce, server authentication is equally important to ensure that it is the correct server a customer is communicating with. Data authentication describes the verification of a particular data or message origin.

   Authorization refers to the restriction of access to data and/or nodes. A user can be accepted into the network/node through authentication, but he/she might not have access to all of the files. Restriction lists or access lists and membership control are generally provided by the operating system. Another important service is integrity. It protects transmitted data from changes, duplication, or destruction. Modifications due to an error or intruder can usually be detected and fixed by the network protocol. If the data is sensitive, then integrity is combined with confidentiality service. Confidentiality is a service that protects all user data transmitted over a network. Even if data is intercepted by a third party, that third party will be unable to read the data. The non-repudiation service prevents a sender or receiver from denying a transmitted message (e.g., for on-line purchase proof).

   Security attack is defined as any action, intended or not, that compromises the security of the information and/or system. Attacks can generally be passive or active. Passive attacks can be the copying of information or a traffic analysis. Active attacks involve some modification of the original data or fabrication of new data, such as replay or interruption of data. Security mechanisms are designed to prevent, protect, and recover from security attacks. Since no technique is able to provide full protection, the designers and/or system administrators of a network are responsible for choosing and implementing different security mechanisms.

   Read moreNavigate Down

   View chapterPurchase book

   Read full chapter

   URL: https://www.sciencedirect.com/science/article/pii/B0122274105001332

   MCSE 70-293: Planning, Implementing, and Maintaining Internet Protocol Security

   Martin Grasdal, ... Dr.Thomas W. ShinderTechnical Editor, in MCSE (Exam 70-293) Study Guide, 2003

   Summary

   In this chapter, we took a close look at Windows Server 2003’s implementation of IPSec. We first provided an overview of the goals and purposes of IPSec, and then we discussed the features built into Microsoft’s implementation, including the IPSec management console, IPSec integration with Active Directory, supported authentication methods, and backward compatibility with Windows 2000.

   You learned some of the terminology and concepts used in discussing IPSec. Specifically, you learned about the two primary protocols used by IPSec: AH and ESP, You learned that AH provides for data authentication and integrity, and ESP also provides those services, and also adds data confidentiality. AH and ESP can be used separately or together.

   You learned that an SA is an agreement between two IPSec-enabled computers as to the security settings that will be used for a communication session. The SA is negotiated according to the settings on each computer.

   Then you learned about the key-management and key-exchange protocols associated with IPSec, including ISAKMP and IKE, and the Oakley key-determination protocol and the Diffie-Hellman key-generation protocols. You learned about the DES and 3DES encryption algorithms and the MD-5 and SHA hashing algorithms.

   We covered the basics of how SAs function, and you learned that IKE uses a bidirectional SA called a main mode SA. However, the SAs used by IPSec itself are unidirectional, and there are two per communication: one for outbound and one for inbound traffic.

   We discussed the purposes of security—authentication, integrity, and confidentiality—along with the related concept of nonrepudiation. You learned that authentication deals with verification of identity, integrity ensures that data has not been changed, and confidentiality “scrambles” the data so it cannot be read by unauthorized persons. Nonrepudiation is a way to ensure that the sender of a message will not be able to later deny sending it.

   You learned about the two modes in which IPSec can operate: tunnel mode and transport mode. We examined how tunnel mode is used primarily between gateways or between a server and a gateway. You learned that transport mode, on the other hand, provides end-to-end security (from the originating computer to the destination).

   We examined the role of the IPSec driver, and you learned that it is used to match packets against the filter list and applies specified filter actions.

   You learned how to plan an IPSec deployment, and how to use the IPSec extensions for the new Windows Server 2003 tool, RSoP, to learn what the effects of IPSec policies will be. We took a look at the default policies and how you can use the IPSec management console to enable or modify them. You learned that there are three default policies: Client (Respond Only), Server (Request Security), and Server (Require Security). You also learned about creating custom policies.

   We also discussed how to use the command-line tool netsh with the ipsec context that is new to Windows Server 2003, and you learned that this context operates in one of two modes: static mode, which can be used to perform the same basic functions as the IP Security Policy Management MMC, and dynamic mode, which is used to display the current state of IPSec and immediately affect the configuration of IPSec policies.

   Finally, you learned about troubleshooting problems with IPSec, using handy tools such as the IP Security Monitor console and the Network Monitor.

   Read moreNavigate Down

   View chapterPurchase book

   Read full chapter

   URL: https://www.sciencedirect.com/science/article/pii/B9781931836937500142

   Introduction

   M. Paul Pandian, in RFID for Libraries, 2010

   RFID benefits

   Five technological core benefits distinguish RFID technology from alternative technologies (OECD, 2007): traveling data storage, contactless data transmission and absence of line-of-sight, bulk reading, robustness, and the ability to integrate sensor technology. These five technological core benefits entail a variety of usage benefits. For example, highly automated data handling and authentication automated data handling requires less physical contact, reduces manual errors and allows for real-time inventory, and, generally speaking, an overall higher speed of operations and transactions. With traveling data storage, contactless data transmission and bulk reading, items can be tracked and their location can be precisely determined, which prevents shrinkage and allows for theft and diversion prevention as well as anti-counterfeiting measures. These usage benefits of RFID contribute to business benefits such as improved processes, improved inventory auditing, efficient access and exit control, and value-added services to customers.

   RFID is mostly used for identifying people, objects, transactions, or events through a wireless communication connection. The development of RFID technology emerges to be one of the most interesting innovations for the improvement of business process efficiency across various sectors including the manufacturing, transportation and logistics, wholesale distribution, retail trade, and library sectors. Despite first appearing in tracking and access applications in the 1980s, the potential of RFID has only been recognized relatively recently. Using RFID tags, it is possible to identify and track objects and people without time delays, without human intervention, and thus without variable costs. With even smaller, smarter, and cheaper tags and readers, RFID is opening up amazing value chain possibilities. Through RFID technology, organizations can improve efficiency and visibility, cut costs, better utilize their assets, produce higher quality goods, reduce shrinkage, or counterfeiting and increase sales by reducing out-of-stocks. Also, RFID can gain a number of social benefits both in the private sector and the public sector. All this means that RFID will have a great impact on the processes and IT systems of organizations and public and societal organizations. Use of RFID is expected to increase the cost-effectiveness of public transport, to fight fraud, to increase social safety, and to introduce additional services. RFID offers many benefits to a wide variety of industries. In healthcare, RFID is expected to combat counterfeiting, to increase the quality of care, to improve the availability of health information, to prevent surgical mistakes, and to reduce theft of medical equipment. In the retail sector, RFID is expected to lead to less out-of-stock items, to more efficient logistics, to better consumer profiles, and to better quality information. These are clear benefits, which show up in the short return on investment periods, indicating the high economic value of the RFID implementations (Lieshout et al., 2007).

   The transportation and automotive sectors have also made headway. With the backing of major global brands and increased convergence around global technical standards, RFID is gaining momentum. It can help stakeholders to reduce shrinkage, reduce material handling costs, increase data accuracy, enable supply chain business process innovation, and improve information sharing. RFID’s potential benefits are large and many novel applications will emerge in the future – some of which cannot be imaginable now. Table 1.4 (Das, 2006) shows that the larger application of RFID might generate a number of socio-economic benefits. It is obvious that the price–development of the tags is only one factor in the adoption and broad application of RFID. The development of some potential markets might not be as price-sensitive as often is believed, because of the social benefits that (also) might be realized.

   Table 1.4. Potential benefits of RFID applications in various application areas

   Application areaPotential benefitsCost reductionIncreased salesCrime reductionBetter serviceSafetyRemoval of tedious proceduresLibrary books, DVDs, etc.Yes–YesYes–YesParts for aircraft and other machineryYes–YesYesYesYesBlood bags and samplesYes––YesYesYesMilitaryYes–YesYesYesYesBook retailYesYesYesYesYesDrugs
   prescriptionYesYesYesYesYesYesPostalYes–YesYesYesYesOther consumer packaged goods (CPG)YesYesYesYesYesYes

   Source: Das (2006).

   Read moreNavigate Down

   View chapterPurchase book

   Read full chapter

   URL: https://www.sciencedirect.com/science/article/pii/B978184334545950001X

   Design for eHealth and telehealth

   Dena Al-Thani, ... Lakshman S. Tamil, in Design for Health, 2020

   Security and privacy

   Security and privacy are extremely important for the successful acceptance of telehealth systems by both the patients and the healthcare providers (Lim, Oh, Choi, & Lakshman, 2010). The security and privacy should be considered from the start during the architecture and the design phase; retrofitting security or privacy requirements after the product is developed will be a big challenge. The development team that does functional requirements should also develop requirements for security and privacy of the system. It should start with the threat modeling, examining the security and privacy features, the features that can cause security breaches, and those features that can cause trust or privacy breaches. The threat modeling should start with modeling of the application, listing of the threats, and then listing the threat mitigation strategies, followed by the test cases for validating each of the mitigation strategies. In order to optimize the whole telehealth or eHealth system for security and privacy, the system should be divided into zones: device, gateway, cloud, and service. Zoning provides an easier way to segment the solution; each zone has its own data, authentication, and authorization. Each zone is separated by a trust boundary that represents the transition of data from one source to the other, and during this transition there can be threats such as spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privileges, and they should be modeled (Shahan & Lamos, 2018).

   The device zones are made up of wearable devices or medical devices attached to the patients. These are, in general, connected to the gateways via wires or wirelessly using short-range radios and personal area networking protocols such as Bluetooth or Zigbee. In the future with the advent of 5G, they may all be connected through 5G via IP protocol. The gateway zones comprise the gateways and all their connected devices. A gateway has two sides, one connected to the devices and the other connected to a cloud via Wi-Fi or 3G/4G and in the future via 5G. In the case of telehealth, this gateway can be a special appliance with communication and processing facilities or a smartphone. The functions of the gateway include control of the device, communication of the data received from the device to the cloud, and edge processing of the data. The cloud zone includes the cloud, the gateways, and the devices attached to the gateways. The cloud normally is not in the same space as the gateways. Multiple gateways that are geographically separated can be connected to the cloud. The control of the device, storage, and processing of the data can be done separately but connected via the cloud. The service zone is any software component that connects to the devices via gateway or cloud. They act under their identity toward gateways and clouds to store data, analyze data and autonomously issue commands and controls the devices.

   Which security service requires that neither the sender nor the receiver of a message be able to deny the transmission?

   Definition(s): Assurance that the sender of information is provided with proof of delivery and the recipient is provided with proof of the sender's identity, so neither can later deny having processed the information.

   Which of the following security requirements ensure that the received data is exactly as sent by the sender and is not modified in transit?

   Nonrepudiation provides proof of the origin, authenticity and integrity of data. It provides assurance to the sender that its message was delivered, as well as proof of the sender's identity to the recipient. This way, neither party can deny that a message was sent, received and processed.

   Which of the following options ensures privacy of messages sent and received?

   Message confidentiality means that the sender and the receiver expect privacy. Message integrity means that the data must arrive at the receiver exactly as they were sent. Message authentication means the receiver is ensured that the message is coming from the intended sender.

   Which of the following means that the receiver is ensured that the message is coming from the intended sender not an imposter?

   Message integrity means that the data must arrive at the receiver exactly as sent. from the intended sender, not an imposter. that he sent.