Page 97 - IJEEE-2023-Vol19-ISSUE-1
P. 97

Received: 03 November 2022              Revised: 09 December 2022  Accepted: 10 December 2022
DOI: 10.37917/ijeee.19.1.12
                                                                                               Vol. 19| Issue 1| June 2023
                                                                                                                       Ð Open Access

Iraqi Journal for Electrical and Electronic Engineering

Original Article

 Securing a Web-Based Hospital Management System
        Using a Combination of AES and HMAC

                                          Alaa B. Baban *1, Safa A. Hameed 2

1 Department of Communication and Computer Engineering, Faculty of Engineering, Cihan University-Erbil, Kurdistan Region,
                                                                           Iraq.

                     2 Peoples’ Friendship University of Russia (RUDN University), Moscow, Russian Federation.

Correspondence
*Alaa B. Baban
Department of Communication and Computer Engineering,
Faculty of Engineering, Cihan University-Erbil,
Kurdistan Region, Iraq.
Email: alaa.ali@ cihanuniversity.edu.iq

Abstract
The demand for a secured web storage system is increasing daily for its reliability which ensures data privacy and
confidentiality. The proposed paper aims to find the most secure ways to maintain integrity and protect privacy and security in
healthcare management systems. The Advanced Encryption Standard (AES) algorithm is used to encrypt data transferred by
providing a means to check the integrity of information transmitted and make it more immune to cyberattack techniques, this
was implemented by using Keyed-Hash Message Authentication Code (HMAC) and Secured Hash Algorithm-256 (SHA-256).
The risk of exposure to attackers can be avoided by using honeypot systems combined with Intrusion detection systems (IDSs)
as a firewall system is not effective against such attacks alone. The experimental results evaluate the proposed security health
information management system by comparing the performance of the encryption algorithm based on encryption time, memory
and CPU usage, and entropy for different plaintext lengths. In addition, it can be seen that when changing the AES key size,
more memory and time are required the longer the key size is used. The 128 bits AES key is therefore advised if the system must
operate in hard real-time.
KEYWORDS: Management System, Database security, database encryption, Encryption Algorithms and

                  Keyed_Hash_Message_Authentication_Code (HMAC).

                          I. INTRODUCTION                          securely send personal health information. Protecting data
                                                                   security in cloud databases has become a crucial issue in the
      The Healthcare Management System (HMS) is essential to       field of information security where protecting the privacy of
manage health organizations accurately and efficiently.            patients should be the highest priority that should be practiced
Previously, it was hard to hold the right real-time activity       by HMS, keeping in mind that this information is usually shared
records for hospitals, patient information, and maintaining        between different untrusted entities [2]. This study evaluates
equipment. Hospital information systems may help in various        the encryption algorithm AES with a variable key length of 128,
ways with quality assurance activities for instance; assessing     192, and 256 bits; combined with the HMAC-SHA-256
the quality of primary care, checking quality indications,         algorithm as part of the suggested security model. This
supporting medical care assessment studies, and verifying the      combination was evaluated to determine its effectiveness and
continuing process of care using reminders or decision support     efficiency by calculating many performance measurements.
techniques [1]. Essential parts of the process of any HMS          Additionally, Intrusion Detection System (IDS) with honeypot
include; the acquisition, management, and timely retrieval of      system, which is a security system that was used to detect
large amounts of data. This information usually involves;          network security breaches, were implemented.
patient personal information and medical history, staff
information, and payment receipts, this sensitive information is                           II. RELATED WORK
vulnerable, therefore database systems should be protected
from any attacks. To achieve the security management of the            The cloud database has a serious data security problem that
HMS the encryption algorithms are utilized to encrypt and          was solved by encrypting the database. Even though the

This is an open access article under the terms of the Creative Commons Attribution License, which permits use, distribution and

reproduction in any medium, provided the original work is properly cited.

© 2023 The Authors. Published by Iraqi Journal for Electrical and Electronic Engineering by College of Engineering, University of Basrah.

https://doi.org/10.37917/ijeee.19.1.12                                                         https://www.ijeee.edu.iq 93
   92   93   94   95   96   97   98   99   100   101   102