Marriette Katarahweire, Engineer Bainomugisha, K. Mughal
{"title":"选定移动数据收集系统中的身份验证:现状、挑战、解决方案和差距","authors":"Marriette Katarahweire, Engineer Bainomugisha, K. Mughal","doi":"10.1109/MOBILESoft.2017.9","DOIUrl":null,"url":null,"abstract":"Mobile data collection systems (MDCS) in the health sector are of great benefit to health care providers and community workers especially in low-resource settings. MDCS enable the extension and provision of health services closer to the community by enabling data collection and diagnosis without the patient being in a hospital setting. MDCS, however, face a number security challenges including authentication and authorization of users, secure communication between a mobile client and the server, and secure application deployment. This paper provides a criteria and guidelines for evaluating an authentication model for MDCS. The criteria encompass key authentication dimensions including proper local and remote authentication, password management and recovery especially with no Internet connectivity. We assess the authentication models using two reference systems that are widely used in low-resource settings, namely, District Health Information Software (DHIS 2) and mUzima. The findings reveal gaps in the authentication model of the reference systems including insecure authentication, insecure storage of user credentials on the mobile device and no proper automatic logouts, among others.","PeriodicalId":281934,"journal":{"name":"2017 IEEE/ACM 4th International Conference on Mobile Software Engineering and Systems (MOBILESoft)","volume":"94 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-05-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":"{\"title\":\"Authentication in Selected Mobile Data Collection Systems: Current State, Challenges, Solutions and Gaps\",\"authors\":\"Marriette Katarahweire, Engineer Bainomugisha, K. Mughal\",\"doi\":\"10.1109/MOBILESoft.2017.9\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Mobile data collection systems (MDCS) in the health sector are of great benefit to health care providers and community workers especially in low-resource settings. MDCS enable the extension and provision of health services closer to the community by enabling data collection and diagnosis without the patient being in a hospital setting. MDCS, however, face a number security challenges including authentication and authorization of users, secure communication between a mobile client and the server, and secure application deployment. This paper provides a criteria and guidelines for evaluating an authentication model for MDCS. The criteria encompass key authentication dimensions including proper local and remote authentication, password management and recovery especially with no Internet connectivity. We assess the authentication models using two reference systems that are widely used in low-resource settings, namely, District Health Information Software (DHIS 2) and mUzima. The findings reveal gaps in the authentication model of the reference systems including insecure authentication, insecure storage of user credentials on the mobile device and no proper automatic logouts, among others.\",\"PeriodicalId\":281934,\"journal\":{\"name\":\"2017 IEEE/ACM 4th International Conference on Mobile Software Engineering and Systems (MOBILESoft)\",\"volume\":\"94 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-05-20\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"4\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2017 IEEE/ACM 4th International Conference on Mobile Software Engineering and Systems (MOBILESoft)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/MOBILESoft.2017.9\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 IEEE/ACM 4th International Conference on Mobile Software Engineering and Systems (MOBILESoft)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/MOBILESoft.2017.9","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Authentication in Selected Mobile Data Collection Systems: Current State, Challenges, Solutions and Gaps
Mobile data collection systems (MDCS) in the health sector are of great benefit to health care providers and community workers especially in low-resource settings. MDCS enable the extension and provision of health services closer to the community by enabling data collection and diagnosis without the patient being in a hospital setting. MDCS, however, face a number security challenges including authentication and authorization of users, secure communication between a mobile client and the server, and secure application deployment. This paper provides a criteria and guidelines for evaluating an authentication model for MDCS. The criteria encompass key authentication dimensions including proper local and remote authentication, password management and recovery especially with no Internet connectivity. We assess the authentication models using two reference systems that are widely used in low-resource settings, namely, District Health Information Software (DHIS 2) and mUzima. The findings reveal gaps in the authentication model of the reference systems including insecure authentication, insecure storage of user credentials on the mobile device and no proper automatic logouts, among others.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
