The medical field has benefited from the use of ICT (Information and
Communication Technology) in recent years. CMIS (Combined Mobile Information
System), our proposed model system, is one such system, targeted at health
care. IMIS (Integrated Mobile Information System), a system for diabetic
healthcare that is being developed at Blekinge Institute of Technology, will
be taken as a case study for our proposed system. CMIS is a multi-role system
whose core service is medical care, with other services such as
self-monitoring, journal-writing and communicating with fellow patients,
relatives, etc. The main reason for not using CMIS could be the security and
privacy of the users' information. Any system connected to the Internet is
always prone to attack, and we think CMIS is no exception. Security and privacy
are even more important considering the legal and ethical issues surrounding
sensitive medical data. The CMIS system can be accessed through a PDA (Personal
Digital Assistant) or smart phone using GPRS (General Packet Radio
Service)/UMTS (Universal Mobile Telecommunication System), or through a
computer using wired communication over the Internet. On the other hand, this
also increases the burden for security and privacy related to the use of such
communications. This thesis discusses various security and privacy issues
arising from the use of mobile communication and wired communication in the
context of CMIS, i.e., issues related to GPRS (mobile) and to the web
application (using wired communication). Along with the threats and
vulnerabilities, possible countermeasures are also discussed.
This thesis also discusses the prospect of using MP2P (Mobile Peer-to-Peer) as
a carrier for some services (for example, an instant messaging system between
patients) in CMIS. However, our main concern is to study the feasibility of
MP2P with respect to privacy. In this thesis, we have tried to identify the
various security and privacy threats and vulnerabilities CMIS could face, the
security services that need to be achieved, and countermeasures against those
threats and vulnerabilities. In order to accomplish this goal, a literature
survey was carried out to find potential vulnerabilities and threats and their
solutions for our proposed system. We found that XSS (cross-site scripting),
SQL injection and DoS attacks are common for a web application. We also found
that attack ...