Subscribe Now Subscribe Today
Research Article
 

Secure Topology for Electronic Medical Record Transmissions



Hamdan O. Alanizi, M.L. Mat Kiah, A.A. Zaidan, B.B. Zaidan and Gazi Mahabubul Alam
 
Facebook Twitter Digg Reddit Linkedin StumbleUpon E-mail
ABSTRACT

In this study, handshake protocol for patient, medical center and doctor, medical center is proposed for electronic medical record transmission to improve the confidentiality of data transmission and non-repudiation of sending and receiving medical records. The proposed topology depends on symmetric and asymmetric cryptography to achieve high level of secrecy for electronic medical records. The new topology has been described on multi-users (i.e., Doctors and Patient). The new topology has been implemented using Ntru crypto-system and AES encryption method. The proposed solution has been tested to have high level of confidentiality up to the legal age of the medical records.

Services
Related Articles in ASCI
Search in Google Scholar
View Citation
Report Citation

 
  How to cite this article:

Hamdan O. Alanizi, M.L. Mat Kiah, A.A. Zaidan, B.B. Zaidan and Gazi Mahabubul Alam, 2010. Secure Topology for Electronic Medical Record Transmissions. International Journal of Pharmacology, 6: 954-958.

DOI: 10.3923/ijp.2010.954.958

URL: https://scialert.net/abstract/?doi=ijp.2010.954.958
 
Received: August 30, 2010; Accepted: October 01, 2010; Published: December 13, 2010



INTRODUCTION

Security is defined as the degree of protection against danger, damage, loss and criminal activity (Qabajeh et al., 2009; Hameed et al., 2010). Particularly when a message must be delivered to more than one destination, authentication and confidentiality are required (Al-Frajat et al., 2010; Raad et al., 2010). Providing security for electronic documents is an important issue (Zaidan et al., 2010h; Ahmed et al., 2010). In information security confidential information or confidential data must only be used, accessed, disclosed or copied by users who have the authorization and only when there is a real need (Zaidan et al., 2010c; Alam et al., 2010). While integrity means that data can not be modified without authorization (Hmood et al., 2010c; Zaidan et al., 2010i). Non- repudiation is the receiver can not deny having received the data nor can the other party denies having sent a data (Naji et al., 2009; Zaidan et al., 2010f). Electronic medical records or EMR is typically digitalizing the legal medical record created at the delivers care organization, such as hospital and doctors’ surgery. Many people consider their health information to be highly sensitive data and deserving the strongest protection under the law (Alanazi et al., 2010; Hashim et al., 2010). Several electronic medical record systems have been implemented in the literature however; these systems have weaknesses in the security. Brandner et al. (2002) provided an electronic signature using PKI. Moreover, they mentioned about the signature law and how it has to be incorporated in electronic patient records. Their intended PKI is based in the German signature Law. Smith and Eloff (1999) has stated that RSA Digital Signature Technology be able to enroll the authenticity of images to at least the stage of confidence necessary for interbank electronic transfer. Epstein et al. (1998) gave an impression of new security concerns, new legislation mandating secure medical records and solutions given that security, he depicted that RSA as a digital signature algorithm to secure the medical records. Janbandhu and Siyal (2001) proposed biometric signatures to secure the medical records; the new approach has integrated the biometrics with RSA PKI based on digital signature generation. According to (Maitra and Sarkar, 2008; Schridde et al., 2009) we can observe that RSA is no more security supplementary. Gobi and Vivekanandan (2009) proposed the digital envelope that combines MD5 and advance encryption standard AES with Hyper Elliptic Curve Cryptography (HECC). Suitability of this algorithm due to the limitation of the hardware is quite expensive. Moreover, there are number of attackers available on ECC.

Electronic medical records required security solution that can provide confidentiality for more than 30 year (the legal age of electronic medical records).

CRYPTOGRAPHY

Encryption is the process of transforming data (i.e., plaintext) to unreadable data (i.e., cipher) using one of the cryptography methods. Decryption is the process of retrieve the plaintext from the cipher using revised process of encryption (Zaidan et al., 2010a; Al-Bakri and Kiah, 2010).

Cryptography has two main techniques; symmetric and asymmetric. An encryption method called symmetric cryptography when sender and receiver use the same key for encryption and decryption (Abomhara et al., 2010a; Zaidan et al., 2010e). Asymmetric cryptography refers to the cryptography systems using two keys (i.e., public and private key), one for encryption and other key for decryption (Abomhara et al., 2010a, b; Zaidan et al., 2010d).

Symmetric cryptography is faster than the asymmetric; however, with symmetric cryptography we can only achieve data confidentiality (Zaidan et al., 2010j; Al-Bakri and Kiah, 2010). Unlike symmetric, asymmetric provide data integrity and non-repudiation in addition to the confidentiality.

Symmetric cryptography has many algorithms such as blowfish, DES and AES. AES- Rijndael considered as the strongest symmetric cryptography algorithms (Hmood et al., 2010b; Zaidan et al., 2010g). AES- Rijndael has been chosen from US government to secure the high sensitive data.

Asymmetric cryptography has number of algorithms such as RSA, ECC and Ntru (Al-Bakri and Kiah, 2010; Zaidan et al., 2010b). In the literature, Ntru has been approved to be the fastest PKI among the RSA and ECC; moreover, Ntru is providing high security comparing with RSA and ECC. Unlike RSA and ECC, there is no real attacker available for Ntru (Yee and Kiah, 2010; Hmood et al., 2010a; Al-Bakri and Kiah, 2010).

In this research, we proposed AES- Rijndael and Ntru PKI to implement high secure electronic medical records transmission over unsecure channels.

SECURE TOPOLOGIES FOR ELECTRONIC MEDICAL RECORDS

Electronic medical records considered as sensitive data, many users have the access to this data such as internal doctors, administrator, insurance companies and patients. With this number of users, maintain the security become a difficult task. In this study, we proposed a secure topology to ensure the confidentiality, integrity and non- repudiation using symmetric and asymmetric cryptography. The new topology overcomes the weaknesses of the previous systems.

Then we will describe the system in four scenarios; these scenarios assumed the server has public key PuS and private key PrS.

Scenario one: First registration at the medical center.

In this scenario, the patient registers at the medical center for the first time. The medical center admin register the information of the patient and generate his/her session key (Fig. 1) as follow:

1: Patient register in the medical center XYZ
2: Admin full his/ her information and generate session key S

Scenario two: Signup for new account.

In this scenario, the patient registers as a client in the system, consider the patient X has session key S send request message M to the server (Fig. 2):

1: Send request to the server using the patient session key S, X enc(M)S
2: Server decrypt the request using the patient session key S and get the message M, Server dec(M)S
3: Server generate the public and private key for patient X, PuX, PrX


Image for - Secure Topology for Electronic Medical Record Transmissions
Fig. 1: Patient first registration


Image for - Secure Topology for Electronic Medical Record Transmissions
Fig. 2: Patient signup his/her account

4: Sever send PuX, PrX to the patient encrypted by session key S, Server enc(PuX, PrX)S
5: Patient decrypts the message using his/ her session key. Patient has session key S, public key PuX and private key PrX

Scenario three: Patient request for his/ her medical record.

In this scenario, the patient requests for his/her records are as follows (Fig. 3):

1: Patient send request for the server public key PuS
2: Server send the public key to the patient
3: Patient send other request R encrypted by the server public key and encrypted again by his/her session key X enc((R) PuS)S
4: Server decrypt the request by the patient session key and server private key Server dec((R) PrS)S
5: Server encrypt the medical record MR using the patient public key and patient session key Server enc((MR) PuX)S
6: Patient decrypt the record using his/her session key and private key X dec((MR) PrX)S

Scenario four: Doctor request for patient records.

In this scenario the doctor request for patient records are as follows: (Fig. 4):

1: Doctor send request for the server public key PuS
2: Server send the public key to the doctor
3: Doctor send other request R encrypted by the server public key and encrypted again by the doctor session key Dr_X enc((R) PuS)Sx


Image for - Secure Topology for Electronic Medical Record Transmissions
Fig. 3: Patient requests his/her records


Image for - Secure Topology for Electronic Medical Record Transmissions
Fig. 4: Doctor requests for patient records

4: Server decrypt the request by the doctor session key and server private key Server dec((R) PrS)Sx
5: Server encrypt the medical record MR using the doctor public key and patient session key Server enc((MR) PuX)Sx
6: Doctor decrypt the record using his/her session key and private key Dr_X dec((MR) PrDrX)Sx

CONCLUSION

In this study we present secure topology for electronic medical records using hybrid approach consist of symmetric and asymmetric cryptography. Since available attackers for both AES- Rijndael and Ntru PKI do not exist. Ntru cryptosystem and AES- Rijndael have been proposed in our topology. The proposed topology used the share keys and PKI to achieve high confidentiality on data transmission and prevent the receivers (i.e. the patients themselves or doctor) from deny having received the data. Moreover, our system can provide evidence about the person who has the access to patient records in case of legal and illegal accesses.

ACKNOWLEDGMENTS

This research has been funded in part from University of Malaya under No. UM.C/625/1. The Authors would like to acknowledge Multimedia University as the Co-funder for this research.

REFERENCES

  1. Abomhara, M., O.O. Khalifa, O. Zakaria, A.A. Zaidan, B.B. Zaidan and H.O. Alanazi, 2010. Suitability of using symmetric key to secure multimedia data: An overview. J. Applied Sci., 10: 1656-1661.
    CrossRef  |  Direct Link  |  


  2. Abomhara, M., O.O. Khalifa, O. Zakaria, A.A. Zaidan, B.B. Zaidan and A. Rame, 2010. Video compression techniques: An overview. J. Applied Sci., 10: 1834-1840.
    CrossRef  |  Direct Link  |  


  3. Ahmed, M.A., M.L.M. Kiah, B.B. Zaidan and A.A. Zaidan, 2010. A novel embedding method to increase capacity and robustness of low-bit encoding audio steganography technique using noise gate software logic algorithm. J. Applied Sci., 10: 59-64.
    CrossRef  |  Direct Link  |  


  4. Alam, G.M., M.L.M. Kiah, B.B. Zaidan, A.A. Zaidan and H.O. Alanazi, 2010. Using the features of mosaic image and AES cryptosystem to implement an extremely high rate and high secure data hidden: Analytical study. Sci. Res. Essays, 5: 3254-3260.
    Direct Link  |  


  5. Alanazi, H.O., H.A. Jalab, G.M. Alam, B.B. Zaidan and A.A. Zaidan, 2010. Securing electronic medical records transmissions over unsecured communications: An overview for better medical governance. J. Med. Plants Res., 4: 2059-2074.
    Direct Link  |  


  6. Al-Frajat, A.K., H.A. Jalab, Z.M. Kasirun, A.A. Zaidan and B.B. Zaidan, 2010. Hiding data in video file: An overview. J. Applied Sci., 10: 1644-1649.
    CrossRef  |  Direct Link  |  


  7. Al-Bakri, S.H. and M.L.M. Kiah, 2010. A novel peer-to-peer SMS security solution using a hybrid technique of NTRU and AES-Rijndael. Sci. Res. Essays,


  8. Brandner, R., M. van der Haak, M. Hartmann, R. Haux and P. Schmucker, 2002. Electronic signature for medical documents-integration and evaluation of a public key infrastructure in hospitals. Methods Inform. Med., 41: 321-330.
    PubMed  |  


  9. Epstein, M.A., M.S. Pasieka, W.P. Lord, S.T.C. Wong and N.J. Mankovich, 1998. Security for the digital information age of medicine: Issues, applications and implementation. J. Digit. Imag., 11: 33-44.
    PubMed  |  


  10. Gobi, M. and K. Vivekanandan, 2009. A new digital envelope approach for secure electronic medical records. Int. J. Comput. Sci. Network Security, 9: 1-6.
    Direct Link  |  


  11. Hameed, S.A., B.B. Zaidan, A.A. Zaidan, A.W. Naji and O.F. Tawfiq, 2010. An accurate method to obtain bio-metric measurements for three dimensional skull. J. Applied Sci., 10: 145-150.
    CrossRef  |  Direct Link  |  


  12. Hashim, F., G.M. Alam and S. Siraj, 2010. Information and communication technology for participatory based decision-making-E-management for administrative efficiency in higher education. Int. J. Phys. Sci., 5: 383-392.
    Direct Link  |  


  13. Hmood, A.K., H.A. Jalab, Z.M. Kasirun, B.B. Zaidan and A.A. Zaidan, 2010. On the capacity and security of steganography approaches: An overview. J. Applied Sci., 10: 1825-1833.
    CrossRef  |  Direct Link  |  


  14. Hmood, A.K., Z.M. Kasirun, H.A. Jalab, G.M. Alam, A.A. Zaidan and B.B. Zaidan, 2010. On the accuracy of hiding information metrics: Counterfeit protection for education and important certificates. Int. J. Phys. Sci., 5: 1054-1062.
    Direct Link  |  


  15. Hmood, A.K., B.B. Zaidan, A.A. Zaidan and H.A. Jalab, 2010. An overview on hiding information technique in images. J. Applied Sci., 10: 2094-2100.
    CrossRef  |  Direct Link  |  


  16. Janbandhu, P.K. and M.Y. Siyal, 2001. Novel biometric digital signatures for Internet based applications. Inform. Manage. Comput. Security, 9: 205-212.
    CrossRef  |  


  17. Naji, A.W., A.A. Zaidan and B.B. Zaidan, 2009. Challenges of hidden data in the unused area two within executable files. J. Comput. Sci., 5: 890-897.
    CrossRef  |  Direct Link  |  


  18. Qabajeh, L.K., M.L.M. Kiah and M.M. Qabajeh, 2009. A scalable and secure position-based routing protocol for ad-hoc networks. Malaysian J. Comput. Sci., 22: 99-120.
    Direct Link  |  


  19. Raad, M., N.M. Yeassen, G.M. Alam, B.B. Zaidan and A.A. Zaidan, 2010. Impact of spam advertisement through e-mail: A study to assess the influence of the anti-spam on the e-mail marketing. Afr. J. Bus. Manage., 4: 2362-2367.
    Direct Link  |  


  20. Schridde, C., M. Smith and B. Freisleben, 2009. TrueIP: Prevention of IP spoofing attacks using identity-based cryptography. Proceedings of the 2nd International Conference of Security of Information and Networks, Oct. 06-10, Famagusta, Cyprus, pp: 128-137
    CrossRef  |  


  21. Smith, E. and J.H.P. Eloff, 1999. Security in health-care information systems-current trends. Int. J. Med. Inform., 54: 39-54.
    PubMed  |  


  22. Yee, P.L. and M.L.M. Kiah, 2010. Shoulder surfing resistance using penup event and neighbouring connectivity manipulation. Malaysian J. Comput. Sci., 23: 121-140.
    Direct Link  |  


  23. Zaidan, A.A., B.B. Zaidan, A.K. Al-Fraja and H.A. Jalab, 2010. Investigate the capability of applying hidden data in text file: An overview. J. Applied Sci., 10: 1916-1922.
    CrossRef  |  Direct Link  |  


  24. Zaidan, A.A., B.B. Zaidan, A.K. Al-Frajat and H.A. Jalab, 2010. An overview: Theoretical and mathematical perspectives for advance encryption standard/rijndael. J. Applied Sci., 10: 2161-2167.
    CrossRef  |  Direct Link  |  


  25. Zaidan, A.A., B.B. Zaidan, H.O. Alanazi, A. Gani, O. Zakaria and G.M. Alam, 2010. Novel approach for high (Secure and rate) data hidden within triplex space for executable file. Sci. Res. Essays, 5: 1965-1977.
    Direct Link  |  


  26. Zaidan, A.A., B.B. Zaidan, A.Y. Taqa, M.A. Sami, G.M. Alam and A.H. Jalab, 2010. Novel multi-cover steganography using remote sensing image and general recursion neural cryptosystem. Int. J. Phys. Sci., 5: 1776-1786.
    Direct Link  |  


  27. Zaidan, B.B., A.A. Zaidan, A.K. Al-Frajat and H.A. Jalab, 2010. On the differences between hiding information and cryptography techniques: An overview. J. Applied Sci., 10: 1650-1655.
    CrossRef  |  Direct Link  |  


  28. Zaidan, B.B., A.A. Zaidan, A. Taqa, G.M. Alam, M.L.M. Kiah and H.A. Jalab, 2010. StegoMos: A secure novel approach of high rate data hidden using mosaic image and ANN-BMP cryptosystem. Int. J. Phys. Sci., 5: 1796-1806.
    Direct Link  |  


  29. Zaidan, A.A., H.A. Karim, N.N. Ahmed, G.M. Alam and B.B. Zaidan, 2010. A new hybrid module for skin detector using fuzzy inference system structure and explicit rules. Int. J. Phys. Sci., (In Press).


  30. Zaidan, A.A., N.N. Ahmed, H.A. Karim, G.M. Alam and B.B. Zaidan, 2010. Increase reliability for skin detector using backprobgation neural network and heuristic rules based on YCbCr. Sci. Res. Essays, 5: 2931-2946.
    Direct Link  |  


  31. Zaidan, A.A., H.A. Karim, N.N. Ahmed, G.M. Alam and B.B. Zaidan, 2010. A novel hybrid module of skin detector using grouping histogram technique for bayesian method and segment skin adjacent-nested technique for neural network. Int. J. Phys. Sci., (In Press).


  32. Zaidan, A.A., N.N. Ahmed, H.A. Karim, G.M. Alam and B.B. Zaidan, 2010. Spam influence on the business and economy: Theoretical and experimental study for textual anti-spam filtering using mature document processing and naive bayesian classifier. Afr. J. Bus. Manage., (In Press).


  33. Maitra, S. and S. Sarkar, 2008. Revisiting Wiener's Attack-New Weak Keys in RSA. In: Information Security, Wu, T.C., C.L. Lei, V. Rijmen and D.T. Lee (Eds.). LNCS. 5222, Springer-Verlag, Berlin, pp: 228-233
    CrossRef  |  


©  2022 Science Alert. All Rights Reserved