RFID in eHealth: How to Combat Medication Errors and Strengthen Patient Safety Articles uri icon

publication date

  • January 2013

start page

  • 363

end page

  • 372

issue

  • 4

volume

  • 33

international standard serial number (ISSN)

  • 1609-0985

abstract

  • A medication error is an adverse event or even a miss in the treatment process that may harm a patient. As a consequence of this, patients' diseases may recrudesce and the mortality rate could rise. Therefore, medication errors have consequences in human terms and result in higher medical costs. Advanced inpatient medication safety systems can help reduce such errors in hospitals. Radio-frequency identification (RFID)-based systems are a promising solution for such applications. In this context, RFID grouping-proofs have been proposed to generate evidence that a collection of tags were read at the same time. These proofs are useful for automating the five rights method (right patient, right drug, right dose, right route, and right time). Wu et al. recently proposed an RFID grouping-proof Unfortunately, the security level offered by this protocol is too low, as demonstrated here. This study shows how a passive attacker can conduct a full-disclosure attack. The cost of the proposed attack is only O(2(32)), which is inappropriate for medical applications, and thus the attack requires only a few minutes on a personal computer. In addition, a de-synchronization attack can be conducted with only two runs of the protocol Finally, as the idea of using grouping-proofs seems useful to enhance patient safety, a protocol called EKATE is proposed and a security analysis is performed.