Vol. 19 No. 1 (2023)

Published: June 30, 2023

Pages: 93-99

Original Article

Securing a Web-Based Hospital Management System Using a Combination of AES and HMAC

Abstract

Demand for secure web storage systems is increasing daily because of their reliability, which ensures data privacy and confidentiality. This paper aims to find the most secure ways to maintain integrity and protect privacy and security in healthcare management systems. The Advanced Encryption Standard (AES) algorithm is used to encrypt the transferred data, and a means of checking the integrity of the transmitted information, which makes it more immune to cyberattack techniques, is implemented using the Keyed-Hash Message Authentication Code (HMAC) and Secure Hash Algorithm-256 (SHA-256). The risk of exposure to attackers can be avoided by using honeypot systems combined with intrusion detection systems (IDSs), as a firewall system alone is not effective against such attacks. The experimental results evaluate the proposed secure health information management system by comparing the performance of the encryption algorithm in terms of encryption time, memory and CPU usage, and entropy for different plaintext lengths. In addition, the results show that the longer the AES key, the more memory and time are required. The 128-bit AES key is therefore advised if the system must operate in hard real time.
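The AES plus HMAC-SHA256 combination the abstract describes, as an added Node.js example that is not the paper's code. The abstract does not state the cipher mode or how the two primitives are composed, so CBC mode, encrypt-then-MAC ordering, independent encryption and MAC keys, and the names `seal`, `open` and `roundTrip` are assumptions.

```javascript
const nodeCrypto = require('crypto');

const IV_LEN = 16;  // AES block size in bytes
const MAC_LEN = 32; // HMAC-SHA256 tag length in bytes

// Encrypt with AES-CBC, then authenticate IV || ciphertext (encrypt-then-MAC).
// The length of encKey (16, 24 or 32 bytes) selects AES-128, -192 or -256.
function seal(plaintext, encKey, macKey) {
  const iv = nodeCrypto.randomBytes(IV_LEN);
  const cipher = nodeCrypto.createCipheriv(`aes-${encKey.length * 8}-cbc`, encKey, iv);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const tag = nodeCrypto.createHmac('sha256', macKey).update(iv).update(ct).digest();
  return Buffer.concat([iv, ct, tag]);
}

// Verify the tag in constant time BEFORE decrypting, so a modified record
// never reaches the CBC padding check.
function open(record, encKey, macKey) {
  if (record.length < IV_LEN + 16 + MAC_LEN) throw new Error('record too short');
  const body = record.subarray(0, record.length - MAC_LEN);
  const tag = record.subarray(record.length - MAC_LEN);
  const expected = nodeCrypto.createHmac('sha256', macKey).update(body).digest();
  if (!nodeCrypto.timingSafeEqual(tag, expected)) throw new Error('integrity check failed');
  const iv = body.subarray(0, IV_LEN);
  const decipher = nodeCrypto.createDecipheriv(`aes-${encKey.length * 8}-cbc`, encKey, iv);
  return Buffer.concat([decipher.update(body.subarray(IV_LEN)), decipher.final()]);
}

// Constructed sample record (not real patient data).
const SAMPLE = Buffer.from('{"patient_id":"P-0001","diagnosis":"constructed sample"}');

// Round-trip the sample at a given AES key size, then flip one ciphertext bit
// and confirm the record is rejected by the HMAC check.
function roundTrip(keyBits) {
  const encKey = nodeCrypto.randomBytes(keyBits / 8);
  const macKey = nodeCrypto.randomBytes(32);
  const record = seal(SAMPLE, encKey, macKey);
  const ok = open(record, encKey, macKey).equals(SAMPLE);
  const tampered = Buffer.from(record);
  tampered[IV_LEN] ^= 0x01; // first ciphertext byte
  let rejected = false;
  try { open(tampered, encKey, macKey); } catch (e) { rejected = e.message === 'integrity check failed'; }
  return { ok, rejected, length: record.length };
}
```

The stored record grows by a fixed 48 bytes (IV plus tag) regardless of AES key size; only the key schedule and round count change between 128, 192 and 256 bits.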
