Page 97 - IJEEE-2023-Vol19-ISSUE-1
P. 97
Received: 03 November 2022 Revised: 09 December 2022 Accepted: 10 December 2022
DOI: 10.37917/ijeee.19.1.12
Vol. 19| Issue 1| June 2023
Ð Open Access
Iraqi Journal for Electrical and Electronic Engineering
Original Article
Securing a Web-Based Hospital Management System
Using a Combination of AES and HMAC
Alaa B. Baban *1, Safa A. Hameed 2
1 Department of Communication and Computer Engineering, Faculty of Engineering, Cihan University-Erbil, Kurdistan Region,
Iraq.
2 Peoples’ Friendship University of Russia (RUDN University), Moscow, Russian Federation.
Correspondence
*Alaa B. Baban
Department of Communication and Computer Engineering,
Faculty of Engineering, Cihan University-Erbil,
Kurdistan Region, Iraq.
Email: alaa.ali@ cihanuniversity.edu.iq
Abstract
The demand for a secured web storage system is increasing daily for its reliability which ensures data privacy and
confidentiality. The proposed paper aims to find the most secure ways to maintain integrity and protect privacy and security in
healthcare management systems. The Advanced Encryption Standard (AES) algorithm is used to encrypt data transferred by
providing a means to check the integrity of information transmitted and make it more immune to cyberattack techniques, this
was implemented by using Keyed-Hash Message Authentication Code (HMAC) and Secured Hash Algorithm-256 (SHA-256).
The risk of exposure to attackers can be avoided by using honeypot systems combined with Intrusion detection systems (IDSs)
as a firewall system is not effective against such attacks alone. The experimental results evaluate the proposed security health
information management system by comparing the performance of the encryption algorithm based on encryption time, memory
and CPU usage, and entropy for different plaintext lengths. In addition, it can be seen that when changing the AES key size,
more memory and time are required the longer the key size is used. The 128 bits AES key is therefore advised if the system must
operate in hard real-time.
KEYWORDS: Management System, Database security, database encryption, Encryption Algorithms and
Keyed_Hash_Message_Authentication_Code (HMAC).
I. INTRODUCTION securely send personal health information. Protecting data
security in cloud databases has become a crucial issue in the
The Healthcare Management System (HMS) is essential to field of information security where protecting the privacy of
manage health organizations accurately and efficiently. patients should be the highest priority that should be practiced
Previously, it was hard to hold the right real-time activity by HMS, keeping in mind that this information is usually shared
records for hospitals, patient information, and maintaining between different untrusted entities [2]. This study evaluates
equipment. Hospital information systems may help in various the encryption algorithm AES with a variable key length of 128,
ways with quality assurance activities for instance; assessing 192, and 256 bits; combined with the HMAC-SHA-256
the quality of primary care, checking quality indications, algorithm as part of the suggested security model. This
supporting medical care assessment studies, and verifying the combination was evaluated to determine its effectiveness and
continuing process of care using reminders or decision support efficiency by calculating many performance measurements.
techniques [1]. Essential parts of the process of any HMS Additionally, Intrusion Detection System (IDS) with honeypot
include; the acquisition, management, and timely retrieval of system, which is a security system that was used to detect
large amounts of data. This information usually involves; network security breaches, were implemented.
patient personal information and medical history, staff
information, and payment receipts, this sensitive information is II. RELATED WORK
vulnerable, therefore database systems should be protected
from any attacks. To achieve the security management of the The cloud database has a serious data security problem that
HMS the encryption algorithms are utilized to encrypt and was solved by encrypting the database. Even though the
This is an open access article under the terms of the Creative Commons Attribution License, which permits use, distribution and
reproduction in any medium, provided the original work is properly cited.
© 2023 The Authors. Published by Iraqi Journal for Electrical and Electronic Engineering by College of Engineering, University of Basrah.
https://doi.org/10.37917/ijeee.19.1.12 https://www.ijeee.edu.iq 93