
Received: 31 January 2022 | Revised: 21 February 2022 | Accepted: 22 February 2022
DOI: 10.37917/ijeee.18.1.9
Vol. 18 | Issue 1 | June 2022
Open Access

Iraqi Journal for Electrical and Electronic Engineering

Original Article

Secure Patient Authentication Scheme in the Healthcare System Using Symmetric Encryption

Naba M. Hamed*¹, Ali A. Yassin²
¹College of Computer Science and Information Technology, University of Basrah, Basrah, 61004, Iraq
²Department of Computer science, Education College for Pure Sciences, University of Basrah, Basrah, 61004, Iraq

Correspondence
*Naba M. Hamed
Department of Computer science,
College of Computer Science and Information Technology,
University of Basrah, Basrah, Iraq
Email: nabawq12@gmail.com

Abstract
Recently, the incorporation of state-of-the-art technology such as Electronic Healthcare Records (EHRs), networks, and cloud
computing has transformed the traditional healthcare system. However, security problems have arisen as a result of the
integration of technology. Secure remote user authentication is a core part of the healthcare system to validate the user's
identity over an insecure communication network. Since then, several remote user authentication schemes have been
presented, each with its own set of pros and limitations. As a result, security, malicious attacks, and privacy concerns are
considered among the main challenges related to the healthcare system. In this paper, we propose a safe user authentication
scheme for patients in the healthcare system that overcomes these flaws, and we confirm the security of the proposed work using
Scyther, a formal security tool. In the healthcare environment, our work provides an effective means to construct an environment
capable of setting, registering, storing, searching, analyzing, authenticating, and verifying electronic healthcare information in
order to protect the information of patients. Furthermore, our suggested scheme uses symmetric encryption based on the
crypto-hash function for accessing the anomaly of the patient's identity and One-Time Password (OTP). Towards the end of the study,
the performance analysis results indicate a delicate balance of security and performance that is frequently lacking in previous
works.
Keywords: Electronic Health Records, Malicious Attacks, Healthcare System, OTP Authentication.

I. INTRODUCTION

The Internet has become an integral aspect of modern life. With the rapid advancement of Internet technology, we can now provide any service from anywhere and at any time. Remote user authentication is becoming a crucial aspect of accessing valuable services or resources in the healthcare system, cloud applications, multi-server environments, and mobile devices. Remote user authentication is an important part of any security design. Authorization grants identity-based privileges, and audit trails are not transparent without authentication. Secrecy and privacy will be breached if we are unable to distinguish between authorized and unauthorized parties. Likewise, in order to access resources situated in faraway locations, each user must have the necessary access privileges. The use of a password-based authentication technique is one of the simplest and most convenient protection mechanisms. The healthcare system, E-business, Database Management Systems, and Smart Card applications are some instances of password-based authentication schemes. There are two major issues with the password process in the computer system. One is that passwords are kept in database systems in plaintext that the database administrator may readily view. Another issue is that an attacker can impersonate a valid user by stealing the user ID and password from the password database.

Individuals' e-health data is some of their most sensitive information. Privacy regulations such as the Health Insurance Portability and Accountability Act (HIPAA) and the General Data Protection Regulation (GDPR) [1]. The remote system should have the ability to authenticate the users. Otherwise, an attacker could impersonate a legitimate user's login to get access to the system [2]. They were intended to improve healthcare data governance; however, e-health data has frequently been violated. Furthermore, as the accessibility and usability of e-health data grow, so do the security attack vectors. Over the previous decade, 1.5 million medical devices have been affected owing to software flaws and wireless connections, and cloud computing services that store and analyze e-health data have become a target for massive e-health data. In 2019-2021, 41.4 million patient records

This is an open access article under the terms of the Creative Commons Attribution License, which permits use, distribution and
reproduction in any medium, provided the original work is properly cited.
© 2022 The Authors. Iraqi Journal for Electrical and Electronic Engineering by College of Engineering, University of Basrah.

https://doi.org/10.37917/ijeee.18.1.9
https://www.ijeee.edu.iq