Page 175 - ITU KALEIDOSCOPE, ATLANTA 2019
P. 175
THOUGHT-BASED AUTHENTICATED KEY EXCHANGE
Phillip H. Griffin
Griffin Information Security
ABSTRACT "universal access to health care for all a reality – across the
globe" [3]. With over "95% of the world population" being
Identity authentication techniques based on password- "covered by mobile networks" as of December 2018 and
authenticated key exchange (PAKE) protocols rely on weak over "7 billion mobile subscriptions in the world" [3], ICT
secrets shared between users and host systems. In PAKE, a is poised to connect patients to the "social services, health
symmetric key is derived from the shared secret, used to workers, and care agencies" that can help them overcome
mutually authenticate communicating parties, and then their healthcare challenges [2].
used to establish a secure channel for subsequent
communications. A common source of PAKE weak secrets Though there have been notable improvements in achieving
are password and passphrase strings. Though easily SDG outcomes, there is still much more work to be done.
recalled by a user, these inputs typically require keyboard ICT promises to play an increasingly important roll in this
entry, limiting their utility in achieving universal access. work, as it is the "technology with the greatest impact in
This paper describes authentication techniques based on promoting the inclusion of persons with disabilities" [4],
weak secrets derived from knowledge extracted from and it has the ability to eliminate isolation of the elderly by
biometric sensors and brain-actuated control systems. The "connecting them to the world around them" [5]. With the
derived secrets are converted into a format suitable for use growing availability of smart phones, wireless and mobile
by a PAKE protocol. When combined with other computing, ICT can deliver a new age, "not only of
authentication factors, PAKE protocols can be extended to information sharing in general, but of the proliferation of
provide strong, two-factor identity authentication that is web-based services" and mobile access that can help bring
easy to use by persons living in assistive environments. health and wellbeing to both " disabled and non-disabled
communities alike" [4].
Keywords – assistive environments, authentication,
biometrics, key exchange, security It is especially important to remediate security risk for those
people requiring assistive living services, and for those who
1. INTRODUCTION depend on telemedicine. The delivery of ICT "services
provided through cloud and web-based systems over
In 2017, the World Health Organization (WHO) reported unsecured public networks exposes this vulnerable
that more than "one billion people worldwide - about 15% population to increased security risk" [5]. Authentication
of the world's population" are persons with some form of and secure communications are crucial security controls for
disability [1]. Earlier United Nations (UN) and WHO those who must rely on telemedicine, which uses
reports predicted a tripling of the number of "people aged "telecommunications to, remotely, provide medical
65 or older" in 2010 "to 1.5 billion in 2050, 16 % of the information and services” and to reliably “transfer medical
entire world population" [2]. As the numbers of elderly and information and services from one place to another" [6].
disabled people continue to grow, more of them are striving
to retain their autonomy and remain in their homes. As the Providing vulnerable populations and their caregivers who
cost of healthcare continues to rise, governments have rely on these systems with security assurance begins with
struggled to find ways of providing care to these vulnerable reliable mutual authentication that is accessible by everyone.
populations. A user-centric approach guided by the design goals of
universal access can help to ensure that inclusive outcomes
Ambient assisted living (AAL) aims to achieve the UN are achieved. Providing data confidentiality and secure
Sustainable Development Goal (SDG) of ensuring healthy communications solutions that combat man-in-the-middle
lives and promoting the wellbeing of all people, regardless and phishing attacks is also critical. These goals can be met
of their age, location or income. At its core, AAL relies on by extending the capabilities and scope of an existing
the use of information and communications technology protocol used for secure authentication, Recommendation
(ICT) innovation, networks and standards to deliver ITU-T X.1035.
services that increase "the life quality of patients" and "their
relatives" [2]. ICT and "specifically mHealth solutions"
provide new opportunities to bring access to healthcare and
AAL services "to people in remote areas" and to make
978-92-61-28401-5/CFP1968P-ART @ ITU 2019 – 155 – Kaleidoscope
