Research Article
 

Suitability of Using SOAP Protocol to Secure Electronic Medical Record Databases Transmission



Mohamed Shabbir A. Nabi, M.L. Mat Kiah, B.B. Zaidan, A.A Zaidan and Gazi Mahabubul Alam
 
ABSTRACT

Simple Object Access Protocol (SOAP) was originally defined as a protocol specification for exchanging structured information. SOAP relies on XML for its message format and on other application protocols, particularly RPC and HTTP. XML is considered the universal language for data transmission on the Internet; however, end-to-end protection of messages must either be implemented within applications or be provided by middleware above the SOAP layer. Therefore, SOAP-XML cannot provide the level of confidentiality needed for transferring electronic medical databases. In this paper, we investigate the structure of the SOAP protocol over XML. The purpose of this paper is to identify a possible way towards implementing a secure protocol to transfer electronic medical record databases or to create electronic medical record backups over unsecure channels. In conclusion, SOAP alone cannot provide the level of security that medical record databases deserve.


 
  How to cite this article:

Mohamed Shabbir A. Nabi, M.L. Mat Kiah, B.B. Zaidan, A.A Zaidan and Gazi Mahabubul Alam, 2010. Suitability of Using SOAP Protocol to Secure Electronic Medical Record Databases Transmission. International Journal of Pharmacology, 6: 959-964.

DOI: 10.3923/ijp.2010.959.964

URL: https://scialert.net/abstract/?doi=ijp.2010.959.964
 
Received: September 07, 2010; Accepted: November 08, 2010; Published: December 13, 2010



INTRODUCTION

As the number of services and products offered and sold through the Internet grows rapidly, ensuring the same level of security as we have in the practical world has become an urgent need in the Internet environment (Ahmed et al., 2010; Zaidan et al., 2010a-d; Yee and Kiah, 2010). Information security is defined as the field of science concerned with protecting information and data from attackers or security threats (Alam et al., 2010; Al-Frajat et al., 2010; Raad et al., 2010). A number of methods are available to secure data, such as encryption methods, or to ensure secure access (i.e., authentication) using biometrics (Zaidan et al., 2010e-g; Abomhara et al., 2010a, b; Qabajeh et al., 2009). Data privacy refers to the relationship between technology and the legal right to, or public expectation of, privacy in the collection and sharing of data about one's self (Naji et al., 2009; Zaidan et al., 2010h-j). Information about health care, or electronic medical records, is classified as highly sensitive data that requires highly secure systems.

According to the USA government, 100 billion dollars will be spent on developing electronic medical records over the next 10 years (Alanazi et al., 2010a; Yass et al., 2010). Services are becoming a progressively more important element of national economies, and it is crucial to appreciate the distinguishing qualities of services and the resulting management implications, with specific focus on healthcare services.

An electronic medical record is digital information for a particular patient. A record may be created for each service provided to the patient, such as radiology, pharmacy or laboratory, or as a result of an administrative action such as creating a claim. Moreover, some clinical systems also allow electronic capture of physiological signals such as nursing notes, electrocardiography, orders or physician (Alanazi et al., 2010b). Creating backups or transferring an electronic medical records database is a hard task, not only in terms of security but also in finding a suitable middleware. Securing the transmission of a single electronic medical record, where the security solution deals with a small amount of data, is quite easy compared with transferring a huge database over a secure channel (Alanazi et al., 2010b; Hmood et al., 2010a-c).

XML is short for Extensible Markup Language and is considered the universal language for data transmission on the Internet. Unlike HTML (which is only for displaying data), XML allows users to define their own tags, written between angled brackets, i.e. a tag in XML opens with the symbol < and ends with the symbol >.

Example: [figure not reproduced: sample XML document]

The example above depicts how XML tags are written. For example, <to> and <from> are not defined in any XML standard. These tags are "created" by the author of the XML document, which is possible because the XML language has no predefined tags.

XML documents can be used to represent information independently of platform and language, and XML is universally accepted as the standard technology for information interchange. XML documents can be in the form of a file, a database or any other document type and can be created in any language.

Therefore, XML is used to carry any kind of data. An XML document can be any document defined by a Document Type Definition (DTD). A DTD defines the legal building blocks of an XML document, including:

Names of elements and how and where they can be used
The order of elements
Proper nesting and containment of elements
Element attributes

An XML document can be a database file, printer file, other device file (e.g. mobile device file), word processing tool file, editing application file, in-house printing file or browsing file.

The benefits of using XML over the web are as follows:

Simplicity: information coded in XML is easy to read and understand, and it can be processed easily by computers
Openness: XML is a W3C standard
Extensibility: there is no fixed set of tags; tags can be created whenever needed
Self-description: in traditional databases, data records require schemas set up by the database administrator. XML documents can be stored without such definitions because XML is self-descriptive: metadata is stored in XML in the form of tags and attributes
Multiple data types: XML documents can contain any possible data type, including large objects such as video, sound and images
Distributed data: an XML document can contain elements that are distributed over multiple remote servers, so that the World Wide Web can be seen as one huge database

SOAP does not define any transport protocol; instead, SOAP works over existing transport protocols such as HTTP, SMTP and MQSeries.

A SOAP method is an HTTP request/response that complies with the SOAP encoding rules. A SOAP request could be an HTTP POST or an HTTP GET request.

Example: [figure not reproduced]

SOAP stands for Simple Object Access Protocol. It is a protocol used between applications and has a specific format for sending messages over the Internet. SOAP is based on XML; hence, SOAP communicates through the Internet independently of the platform and language used.

When an XML document consists of nested elements that are distributed over multiple remote servers, the XML document looks like a huge database over the World Wide Web.

The best way to communicate between applications is over HTTP, because HTTP is supported by all Internet browsers and servers. The SOAP protocol was created to accomplish this task: it uses HTTP and XML for communication between applications. In a nutshell, HTTP + XML = SOAP.

SOAP PROTOCOL STRUCTURE

As mentioned earlier, SOAP is a simple XML-based protocol that allows applications to exchange information over HTTP.

Applications on the Internet communicate using Remote Procedure Calls (RPC) between objects like DCOM and CORBA; however, the best way to communicate between applications is over HTTP, since HTTP is supported by all Internet browsers and servers.

The importance of SOAP lies in providing a way to communicate between different applications built with different technologies and running on different operating systems and programming languages. SOAP works as follows (Fig. 1):

A SOAP client requests a service. This includes creating an XML document, either explicitly or using the Oracle SOAP client API
Using HTTP or HTTPS, the SOAP client sends the XML document to a SOAP server
When the web server receives the SOAP message, which is an XML document, it uses the SOAP Request Handler Servlet to send the message to the appropriate server-side application providing the requested service
In return, a response from the server-side service is returned to the SOAP Request Handler Servlet and then to the caller, using the standard SOAP XML payload format
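
The four steps above, run in-process as an added example (not code from the paper or from the Oracle SOAP client API): the `urn:example:emr` namespace, the `GetRecord` operation and the sample record are constructed for illustration, and the HTTP hop of step 2 is replaced by passing the bytes directly. `intermediary_view` shows the point the paper argues, that nothing in the envelope itself hides the payload from a hop between client and server.

```python
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"  # SOAP 1.1 envelope namespace
EMR_NS = "urn:example:emr"                             # hypothetical service namespace
ET.register_namespace("soap", SOAP_NS)

# Constructed sample data standing in for the server-side EMR database.
RECORDS = {"P-1001": "Type 2 diabetes; metformin 500 mg"}


def build_request(patient_id):
    """Step 1: the client wraps the call in a SOAP envelope (an XML document)."""
    env = ET.Element(f"{{{SOAP_NS}}}Envelope")
    body = ET.SubElement(env, f"{{{SOAP_NS}}}Body")
    call = ET.SubElement(body, f"{{{EMR_NS}}}GetRecord")
    ET.SubElement(call, f"{{{EMR_NS}}}PatientId").text = patient_id
    return ET.tostring(env, encoding="utf-8")


def get_record(call):
    """Server-side application: look the patient up, None if unknown."""
    return RECORDS.get(call.findtext(f"{{{EMR_NS}}}PatientId"))


SERVICES = {f"{{{EMR_NS}}}GetRecord": get_record}


def handle_request(raw):
    """Steps 3-4: parse the envelope, dispatch on the first Body child,
    and return the result (or a Fault) in a SOAP response envelope."""
    body = ET.fromstring(raw).find(f"{{{SOAP_NS}}}Body")
    call = body[0] if body is not None and len(body) else None
    service = SERVICES.get(call.tag) if call is not None else None
    result = service(call) if service else None

    env = ET.Element(f"{{{SOAP_NS}}}Envelope")
    out = ET.SubElement(env, f"{{{SOAP_NS}}}Body")
    if result is None:
        fault = ET.SubElement(out, f"{{{SOAP_NS}}}Fault")
        ET.SubElement(fault, "faultcode").text = "soap:Client"
        ET.SubElement(fault, "faultstring").text = "unknown operation or patient"
    else:
        resp = ET.SubElement(out, f"{{{EMR_NS}}}GetRecordResponse")
        ET.SubElement(resp, f"{{{EMR_NS}}}Diagnosis").text = result
    return ET.tostring(env, encoding="utf-8")


def intermediary_view(raw):
    """What any hop on the path can read from the message without any key."""
    return [(el.tag.split("}")[-1], el.text)
            for el in ET.fromstring(raw).iter() if el.text]


if __name__ == "__main__":
    request = build_request("P-1001")        # step 1
    response = handle_request(request)       # steps 2-4, HTTP hop omitted
    print(response.decode())
    print(intermediary_view(request), intermediary_view(response))
```

Sending the same bytes over HTTPS protects them only hop by hop; the handler and any intermediary that terminates the connection still see the record in the clear.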

LITERATURE REVIEW

XML is a great technology, as it can deal with any data, any operating system and any programming language. Due to the success of this technology, the use of XML started growing rapidly. The SOAP protocol is XML-based and allows applications to exchange information over HTTP. W3C became concerned about XML and SOAP security and therefore implemented different solutions to secure data, which are as follows:

Encryption: Sensitive data can be encrypted using either symmetric or asymmetric cryptography. Although the data is sent in the clear, the encrypted part will be opaque and hard to crack. The process and format of the encrypted XML data are defined by W3C.
Authentication: Users of SOAP services can be authenticated in many ways, such as digest authentication and token-based authentication. Token-based authentication requires users to supply credentials through a secure channel (i.e. request). SOAP servers respond with an authentication token which can be used for further requests.
Digital signature: A signature is a technique to ensure the integrity of the data. SOAP messages, either partially or as whole documents, are first digested. The digest, along with other sensitive data, is then digitally signed using the sender's certificate and after that encrypted with the receiver's public key.


Fig. 1: SOAP request and response


Table 1: Researcher opinion about SOAP

As the signature is encrypted using the receiver's public key, only the receiver can decrypt it and then verify the signature and message digest. A signature or hash verification failure gives evidence of manipulation during transmission. However, several people have illustrated the weaknesses and drawbacks of SOAP. In Table 1 we report some researchers' opinions about SOAP.

Even though the features of SOAP-XML are encouraging, the recent versions of SOAP are not secure. The available security solutions are hybrid approaches using existing security mechanisms such as cryptography, digital signatures, tokens, etc.
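
The digest-then-verify flow described in this section, as an added example that is not from the paper: the Body is canonicalized and digested, and the digest is authenticated with an HMAC key that stands in for the certificate-based signature so the block runs on the Python standard library alone. The `urn:example:sec` header, the key and the sample message are constructed, and this is not the WS-Security wire format.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
SEC_NS = "urn:example:sec"  # hypothetical header namespace for this example

# Constructed sample message carrying one EMR field.
MESSAGE = (
    '<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
    "<soap:Header/>"
    '<soap:Body><rec xmlns="urn:example:emr" id="P-1001">'
    '<dose unit="mg">500</dose></rec></soap:Body>'
    "</soap:Envelope>"
)


def _body_digest(env):
    """Digest the canonical (C14N 2.0) form of the Body, so that prefix or
    attribute-order changes made by a serializer do not alter the digest."""
    body = env.find(f"{{{SOAP_NS}}}Body")
    canon = ET.canonicalize(ET.tostring(body, encoding="unicode"))
    return hashlib.sha256(canon.encode("utf-8")).digest()


def sign(xml_text, key):
    """Sender: digest the Body and place the authenticated digest in the Header."""
    env = ET.fromstring(xml_text)
    header = env.find(f"{{{SOAP_NS}}}Header")
    if header is None:
        header = ET.Element(f"{{{SOAP_NS}}}Header")
        env.insert(0, header)
    tag = hmac.new(key, _body_digest(env), hashlib.sha256).digest()
    ET.SubElement(header, f"{{{SEC_NS}}}BodyMac").text = base64.b64encode(tag).decode()
    return ET.tostring(env, encoding="unicode")


def verify(xml_text, key):
    """Receiver: recompute the digest; a mismatch is evidence of manipulation."""
    env = ET.fromstring(xml_text)
    header = env.find(f"{{{SOAP_NS}}}Header")
    mac = header.findtext(f"{{{SEC_NS}}}BodyMac") if header is not None else None
    if mac is None:
        return False  # unsigned messages are rejected, not accepted by default
    try:
        received = base64.b64decode(mac, validate=True)
    except ValueError:
        return False
    expected = hmac.new(key, _body_digest(env), hashlib.sha256).digest()
    return hmac.compare_digest(expected, received)


if __name__ == "__main__":
    key = b"constructed-demo-key"
    signed = sign(MESSAGE, key)
    print(verify(signed, key), verify(signed.replace(">500<", ">5000<"), key))
```

The check gives integrity only: the dose and patient identifier are still readable in transit, which is why the paper treats confidentiality as something that must be added above the SOAP layer.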

CONCLUSION

SOAP, or Simple Object Access Protocol, is a protocol specification for exchanging information that relies on XML. In this paper, researchers' opinions on SOAP have been reported, in particular on the security issues of SOAP and its capability to secure highly sensitive data, for instance electronic medical records. As mentioned earlier, end-to-end protection of messages must either be implemented within applications or be provided by middleware above the SOAP layer; therefore, SOAP-XML cannot provide the level of confidentiality needed for transferring electronic medical databases. In a nutshell, SOAP alone cannot be proposed as a secure protocol for sensitive data such as electronic medical records. For further research on implementing a secure protocol for EMR-database transmission or creating remote backups of EMR databases, we need to employ secure and fast cryptographic algorithms, for instance AES and NTRU, to overcome the weakness of SOAP in terms of security and time.

ACKNOWLEDGMENTS

This research has been funded in part by the University of Malaya under No. UM.C/625/1. The authors would like to acknowledge Multimedia University as the co-funder of this research.

REFERENCES

1:  Abomhara, M., O.O. Khalifa, O. Zakaria, A.A. Zaidan, B.B. Zaidan and H.O. Alanazi, 2010. Suitability of using symmetric key to secure multimedia data: An overview. J. Applied Sci., 10: 1656-1661.

2:  Abomhara, M., O.O. Khalifa, O. Zakaria, A.A. Zaidan, B.B. Zaidan and A. Rame, 2010. Video compression techniques: An overview. J. Applied Sci., 10: 1834-1840.

3:  Ahmed, M.A., M.L.M. Kiah, B.B. Zaidan and A.A. Zaidan, 2010. A novel embedding method to increase capacity and robustness of low-bit encoding audio steganography technique using noise gate software logic algorithm. J. Applied Sci., 10: 59-64.

4:  Alam, G.M., M.L.M. Kiah, B.B. Zaidan, A.A. Zaidan and H.O. Alanazi, 2010. Using the features of mosaic image and AES cryptosystem to implement an extremely high rate and high secure data hidden: Analytical study. Sci. Res. Essays, 5: 3254-3260.

5:  Alanazi, H.O., H.A. Jalab, G.M. Alam, B.B. Zaidan and A.A. Zaidan, 2010. Securing electronic medical records transmissions over unsecured communications: An overview for better medical governance. J. Med. Plants Res., 4: 2059-2074.

6:  Alanizi, H.O., M.L.M. Kiah, A.A. Zaidan, B.B. Zaidan and G.M. Alam, 2010. Secure topology for electronic medical record transmissions. Int. J. Pharmacol., 6: 954-958.

7:  Al-Frajat, A.K., H.A. Jalab, Z.M. Kasirun, A.A. Zaidan and B.B. Zaidan, 2010. Hiding data in video file: An overview. J. Applied Sci., 10: 1644-1649.

8:  Brose, G., 2003. Securing web services with SOAP security proxies. Proceedings of the ICWS 03 International Conference on Web Services, pp: 231-234.

9:  Chiu, K., M. Govindaraju and R. Bramley, 2002. Investigating the limits of SOAP performance for scientific computing. Proceedings of the 11th IEEE International Symposium on High Performance Distributed Computing, July 23-26, 2002, Edinburgh, Scotland, UK., pp: 246-254

10:  Davis, D. and M. Parashar, 2002. Latency performance of SOAP implementations. Proceedings of the 2nd IEEE/ACM International Symposium on Cluster Computing and the Grid, May 22-24, 2002, Berlin, pp: 407-412

11:  Hmood, A.K., H.A. Jalab, Z.M. Kasirun, B.B. Zaidan and A.A. Zaidan, 2010. On the capacity and security of steganography approaches: An overview. J. Applied Sci., 10: 1825-1833.

12:  Hmood, A.K., Z.M. Kasirun, H.A. Jalab, G.M. Alam, A.A. Zaidan and B.B. Zaidan, 2010. On the accuracy of hiding information metrics: Counterfeit protection for education and important certificates. Int. J. Phys. Sci., 5: 1054-1062.

13:  Hmood, A.K., B.B. Zaidan, A.A. Zaidan and H.A. Jalab, 2010. An overview on hiding information technique in images. J. Applied Sci., 10: 2094-2100.

14:  Kohlhoff, C. and R. Steele, 2003. Evaluating SOAP for high performance business applications: Real-time trading systems. Proceedings of the WWW 2003, May 20-24, 2003, Budapest, Hungary, pp: 1-9

15:  Naji, A.W., A.A. Zaidan and B.B. Zaidan, 2009. Challenges of hidden data in the unused area two within executable files. J. Comput. Sci., 5: 890-897.

16:  Nyman, J., K. Framling and V. Michel, 2008. Gathering product data from smart products. Proceedings 10th International Conference on Enterprise Information Systems, (EIS'08), Barcelona, pp: 252-257

17:  Qabajeh, L.K., M.L.M. Kiah and M.M. Qabajeh, 2009. A scalable and secure position-based routing protocol for ad-hoc networks. Malaysian J. Comput. Sci., 22: 99-120.

18:  Raad, M., N.M. Yeassen, G.M. Alam, B.B. Zaidan and A.A. Zaidan, 2010. Impact of spam advertisement through e-mail: A study to assess the influence of the anti-spam on the e-mail marketing. Afr. J. Bus. Manage., 4: 2362-2367.

19:  Yass, A.A., N.M. Yaseen, B.B. Zaidan and A.A. Zaidan, 2010. SSME architecture design in reserving parking reserving problems in Malaysia. Afr. J. Bus. Manage.,

20:  Yee, P.L. and M.L.M. Kiah, 2010. Shoulder surfing resistance using penup event and neighbouring connectivity manipulation. Malaysian J. Comput. Sci., 23: 121-140.

21:  Zaidan, A.A., B.B. Zaidan, A.K. Al-Fraja and H.A. Jalab, 2010. Investigate the capability of applying hidden data in text file: An overview. J. Applied Sci., 10: 1916-1922.

22:  Zaidan, A.A., B.B. Zaidan, A.K. Al-Frajat and H.A. Jalab, 2010. An overview: Theoretical and mathematical perspectives for advance encryption standard/rijndael. J. Applied Sci., 10: 2161-2167.

23:  Zaidan, A.A., B.B. Zaidan, H.O. Alanazi, A. Gani, O. Zakaria and G.M. Alam, 2010. Novel approach for high (Secure and rate) data hidden within triplex space for executable file. Sci. Res. Essays, 5: 1965-1977.

24:  Zaidan, A.A., B.B. Zaidan, A.Y. Taqa, M.A. Sami, G.M. Alam and A.H. Jalab, 2010. Novel multi-cover steganography using remote sensing image and general recursion neural cryptosystem. Int. J. Phys. Sci., 5: 1776-1786.

25:  Zaidan, B.B., A.A. Zaidan, A.K. Al-Frajat and H.A. Jalab, 2010. On the differences between hiding information and cryptography techniques: An overview. J. Applied Sci., 10: 1650-1655.

26:  Zaidan, B.B., A.A. Zaidan, A. Taqa, G.M. Alam, M.L.M. Kiah and H.A. Jalab, 2010. StegoMos: A secure novel approach of high rate data hidden using mosaic image and ANN-BMP cryptosystem. Int. J. Phys. Sci., 5: 1796-1806.

27:  Zaidan, A.A., H.A. Karim, N.N. Ahmed, G.M. Alam and B.B. Zaidan, 2010. A new hybrid module for skin detector using fuzzy inference system structure and explicit rules. Int. J. Phys. Sci., (In Press).

28:  Zaidan, A.A., N.N. Ahmed, H.A. Karim, G.M. Alam and B.B. Zaidan, 2010. Increase reliability for skin detector using backprobgation neural network and heuristic rules based on YCbCr. Sci. Res. Essays, 5: 2931-2946.

29:  Zaidan, A.A., H.A. Karim, N.N. Ahmed, G.M. Alam and B.B. Zaidan, 2010. A novel hybrid module of skin detector using grouping histogram technique for bayesian method and segment skin adjacent-nested technique for neural network. Int. J. Phys. Sci., (In Press).

30:  Zaidan, A.A., N.N. Ahmed, H.A. Karim, G.M. Alam and B.B. Zaidan, 2010. Spam influence on the business and economy: Theoretical and experimental study for textual anti-spam filtering using mature document processing and naive bayesian classifier. Afr. J. Bus. Manage., (In Press).
