Reviewing Security and Privacy Aspects in Combined Mobile Information System (CMIS) for health care systems
Blekinge Institute of Technology, School of Engineering, Department of Interaction and System Design.
2007 (English). Independent thesis, Advanced level (degree of Master (One Year)). Student thesis.
Abstract [en]

The medical field has benefited from the use of ICT (Information and Communication Technology) in recent times. CMIS (Combined Mobile Information System), our proposed model system, is one such system targeted at health care. IMIS (Integrated Mobile Information System), a system for diabetic healthcare which is being developed at Blekinge Institute of Technology, will be taken as a case study for our proposed system. CMIS is a multi-role system whose core service is medical care, with others such as self-monitoring, journal-writing, and communicating with fellow patients, relatives, etc. The main reason for not using CMIS could be the security and privacy of the users' information. Any system connected to the Internet is always prone to attack, and we think CMIS is no exception. Security and privacy are even more important considering the legal and ethical issues surrounding sensitive medical data. The CMIS system can be accessed via the Internet through a PDA (Personal Digital Assistant) or smart phone using GPRS (General Packet Radio Service)/UMTS (Universal Mobile Telecommunication System), or through a computer using wired communication. On the other hand, the use of such communications also increases the burden for security and privacy. This thesis discusses various security and privacy issues arising from the use of mobile communication and wired communication in the context of CMIS, i.e., issues related to GPRS (mobile) and the web application (using wired communication). Along with the threats and vulnerabilities, possible countermeasures are also discussed. This thesis also discusses the prospect of using MP2P (Mobile Peer-to-Peer) for some services (for example, an instant messaging system between patients) in CMIS. However, our main concern is to study the feasibility of MP2P with respect to privacy.
In this thesis, we have tried to identify the various security and privacy threats and vulnerabilities CMIS could face, the security services that need to be achieved, and countermeasures against those threats and vulnerabilities. To accomplish this goal, a literature survey was carried out to find potential vulnerabilities and threats, and their solutions, for our proposed system. We found that XSS (cross-site scripting), SQL injection and DoS attacks are common for web applications. We also found that attacks against mobile communication are relatively complex and thus difficult to carry out. In short, we think that an overall planned security approach (routinely testing the system for vulnerabilities, applying patches, etc.) should be used to keep threats and attacks at bay.

Place, publisher, year, edition, pages
2007. 32 p.
Keyword [en]
Privacy, Security, MP2P, CMIS, DoS, XSS, SQL Injection, Eavesdropping
National Category
Computer Science
URN: urn:nbn:se:bth-4649
Local ID: diva2:831995
Available from: 2015-04-22. Created: 2007-06-22. Last updated: 2015-06-30. Bibliographically approved.

Open Access in DiVA

fulltext (816 kB), 38 downloads
File information
File name: FULLTEXT01.pdf; File size: 816 kB; Checksum: SHA-512
Type: fulltext; Mimetype: application/pdf
