Documente Academic
Documente Profesional
Documente Cultură
Abstract—This research addresses the implementa- The process of manually organising and managing
tion of encryption and digital signature technique for on paper media has a few shortcomings in the aspect
electronic health record to prevent cybercrime such as of information security that is confidentiality, data
robbery, modification and unauthorised access. In this
research, RSA 2048-bit algorithm, AES 256-bit and SHA integrity, availability, non-repudiation, and authentica-
256 will be implemented in Java programming language. tion [1]. The electronic health records (EHR) has great
Secure Electronic Health Record Information (SEHR) benefits to health services such as primary and referral
application design is intended to combine given services, service facilities and hospitals.
such as confidentiality, integrity, authentication, and non- The perceived benefits are increasing availability
repudiation. Cryptography is used to ensure the file
records and electronic documents for detailed informa- of electronic patient records in hospitals, improving
tion on the medical past, present and future forecasts the efficiency of the health care retrieval process [2],
that have been given only to the intended patients. The facilitating retrieval of patient information [3], easy
document will be encrypted using an encryption algo- access to patient information that ultimately help in
rithm based on NIST Standard. In the application, there clinical decision-making, and reducing operational im-
are two schemes, namely the protection and verification
scheme. This research uses black-box testing and white- pact cost and earnings improvement in health care
box testing to test the software input, output, and code facilities especially hospitals [4].
without testing the process and design that occurs in The EHR should only be accessed and shared by
the system.We demonstrated the implementation of cryp- authorised healthcare providers such as doctors, nurses,
tography in SEHR. The implementation of encryption lab technicians due to its function to record any critical
and digital signature in this research can prevent archive
thievery.
information for every patient. That critical informa-
Keywords: Electronic Medical Record; Digital Signature; tion such as the enforcement of diagnosis, therapy,
Cryptography; Java Programming avoids allergic reactions and drug duplication [5]. This
practice is consistent with ethical considerations in
I. INTRODUCTION the application of information [5] technology, where
all healthcare providers have a moral code that re-
Medical records based on paper still have some
quires the balance between the patient privacy and
flaws and problems. Those problems occur ranging
the care needs including the access to the records of
from physical security, requiring storage area, difficult
patients [6].
to transfer or communication the information, easily
A recent research article proposed that Public Key
damaged and destroyed. If the storage process is not
Infrastructure (PKI), symmetric key and login pass-
performed properly, it will complicate the search pro-
word for authentication are used for the security of
cess or the information retrieval. In addition to the
the EHR [7]. Based on ISO/TS 18308 standard [8],
many possible disasters, health record information are
the primary purpose of the EHR is to provide a
personal data for someone and human life. For that,
documented record of care which supports both present
we need a solution to resolve the issue.
and future care received by the patient from the same or
Received: August 1, 2016; received in revised form: August 10, other clinicians or care providers. This documentation
2016; accepted: August 11, 2016; available online: August 19, 2016. provides a mean of communication among clinicians
Cite this article as: M A Sadikin and R W Wardhani, “Implementation of RSA 2048-bit and AES 256-bit with
Digital Signature for Secure Electronic Health Record Application”, CommIT (Communication & Information
Technology) Journal 10(2), 63–69, 2016.
contributing to the patient’s care. as a digital signature scheme. The RSA algorithm is
In this paper, EHR was designed and built using used due to its fast computation compared to ECDSA
digital signature and file encryption. Digital signature and DSA [16].
and file encryption are used not only to solve confi- In the process of signature generation and verifi-
dentiality, data integrity, availability, non-repudiation, cation, an entity A marks the message m ∈ M.
and authentication problem but also to prevent robbery, The entity B can verify A’s signature and return the
modification and unauthorised access. Secure Elec- message m from the signature. The procedure is of the
tronic Health Record Information (SEHR) is a secure following (see Fig. 1).
electronic health record which uses RSA 2048 bit [9], 1) Key Generation in RSA Digital Signature.
AES 256 bit [10] and SHA 256-bit algorithm that is
• Determine randomly two large prime num-
implemented in Java programming. The cryptography
bers p and q.
aspect is expected to ensure the file records and elec-
• Compute n = pq and ∅ = (p − 1)(q − 1).
tronic documents on patient’s identity, examination,
• Choose a random integer e in 1 < e < ∅,
treatment, action and service given and the authorised
so that gcd(e, ∅) = 1.
person.
• Use the extended Euclidean algorithm to
II. FUNDAMENTAL THEORY compute d where 1 < d < ∅, so that
A. Electronic Health Record ed ≡ 1(mod∅)
• Public key: (n, e) and the private key: d.
Electronic Health Record (EHR) is a comprehensive
2) Signing
patient’s health information electronic record which
is an integration of the multiple health information • Compute m̃ = R(m), an integer in the range
64
Cite this article as: M A Sadikin and R W Wardhani, “Implementation of RSA 2048-bit and AES 256-bit with
Digital Signature for Secure Electronic Health Record Application”, CommIT (Communication & Information
Technology) Journal 10(2), 63–69, 2016.
For the decryption process, inverse process is used application. The protection step is on the tab SIGN
at the transformation stage. The process starts from & ENCRYPT and the verification process is on the
InvSubBytes, InvShiftRows, and ends in InvMix- VERIFICATION tab. The details of the two processes
Columns. Because of this, S-box for encryption and are of the following.
decryption are different. In the decryption process, the 1) Signing and Encryption Scheme: On the protec-
used S-box is the inverse S-box. tion schemes, two processes are running: the securing
process (encryption) and the authenticating process
D. Secure Hash Algorithm 256 bit (signing). The generation of the private key and the
Secure Hash Algorithm (SHA) is used to generate public key is done before the encryption and signing
hash value from the message M with the length l bit, process executed. The scheme of securing and authenti-
where 0 ≤ 1 ≤ 264 . The algorithm is cating documents is done in a simple manner following
1) Message Schedule for 64 words 32-bit. Words the scheme in Fig. 3.
of the message schedule are labeled as 2) Verification Scheme: The verification process is
W0 , W1 , . . . , W6 . done by reversing the signing process (see Fig. 4). The
2) Eight 32-bit variables labeled as a, b, . . . , h. file is firstly decrypted using a key that has been used
3) The hash has value of eight 32-bit words are previously in the encryption process. After this process,
labeled as H0i , H1i , . . . , H7i . the file is hashed and then digital signature calculations
The preprocessing consists of three steps, namely using a public key that has been generated and stored
padding of the message M , split up the message into in the protection stage is performed. The verification
message blocks, and set the initialization hash value process is the process of calculating the digital sig-
H 0 ; then, proceed with to the SHA-256 computing nature value of the hashed document using the public
process. key. If appropriate, it will display a notification that
the document is successfully decrypted and proven to
III. SECURE ELECTRONIC HEALTH RECORD be authentic. If it does not match, the notification will
APPLICATION show that the document was not authentic or has been
A. General Description The Application a change.
Secure Electronic Health Record application is an B. Implementation of Secure Electronic Health Record
application that applies the concept of digital signa- Application (SEHR)
tures using RSA and SHA-256 algorithms and AES-
The implementation of digital signature File En-
256 block cipher algorithm for the encryption process.
cryption includes steps using SEHR application. The
The application will be implemented in Java pro-
steps in the implementation of SEHR application are
gramming language that guarantees the integrity, con-
as follows:
fidentiality, authentication and non-repudiation. Java
language is used because it is more mobile, multi- 1) Login process: When the user runs the applica-
platform, object-oriented, portable, and open source. tion, the Welcome message will appear to start
It has two schemes which are the protection scheme logging the process (see Fig. 5). The user needs
and verification scheme. It is assumed that the pro- to fill the USERNAME and PASSWORD fields.
tection and verification processes are contained in one By pressing the LOGIN button, the login process
Fig. 2. Encryption Process Diagram [19]. Fig. 3. The Encryption and Signing Scheme
65
Cite this article as: M A Sadikin and R W Wardhani, “Implementation of RSA 2048-bit and AES 256-bit with
Digital Signature for Secure Electronic Health Record Application”, CommIT (Communication & Information
Technology) Journal 10(2), 63–69, 2016.
66
Cite this article as: M A Sadikin and R W Wardhani, “Implementation of RSA 2048-bit and AES 256-bit with
Digital Signature for Secure Electronic Health Record Application”, CommIT (Communication & Information
Technology) Journal 10(2), 63–69, 2016.
Fig. 7. Signing and Encryption on SEHR Application. Fig. 8. Verification on SEHR Application.
67
Cite this article as: M A Sadikin and R W Wardhani, “Implementation of RSA 2048-bit and AES 256-bit with
Digital Signature for Secure Electronic Health Record Application”, CommIT (Communication & Information
Technology) Journal 10(2), 63–69, 2016.
TABLE I TABLE IV
T HE B LACK - BOX T ESTING ON S IGNING AND E NCRYPTION . T HE M ETHODS OF C ORRECNESS C ALCULATION [25].
68
Cite this article as: M A Sadikin and R W Wardhani, “Implementation of RSA 2048-bit and AES 256-bit with
Digital Signature for Secure Electronic Health Record Application”, CommIT (Communication & Information
Technology) Journal 10(2), 63–69, 2016.
[6] B. Kozier, Praktik keperawatan profesional: Kon- sia nomor 269/menkes/per/iii/2008 tentang rekam
sep dan perspektif. Jakarta, Indonesia: EGC, medis.”
2007. [15] A. J. Menezes, P. C. Van Oorschot, and S. A.
[7] R. Zhang and L. Liu, “Security models and Vanstone, Handbook of Applied Cryptography
requirements for healthcare application clouds,” (1992 CRC Press). ISBN, 1997.
in 2010 IEEE 3rd International Conference on [16] S. P. Singh and R. Maini, “Comparison of data
Cloud Computing. IEEE, 2010, pp. 268–275. encryption algorithms,” International Journal of
[8] TS 18308 Health Informatics-Requirements for Computer Science and Communication, vol. 2,
an Electronic Health Record Architecture, ANSI no. 1, pp. 125–127, 2011.
ISO Std., 2004. [17] Sumarkidjo and et al, “Jelajah kriptologi,” 2007,
[9] Recommendation for Transition the Use of Cryp- national Crypto Agency.
tography Algorithms and Key Lenghts., NIST Std. [18] W. Stalling, Cryptography and Network Security,
NIST Special Publication 800-131A, 2011. 4th ed. Prentice Hall, 2005.
[10] Guideline for Implementing Cryptography In the [19] R. Munir, “Otentikasi dan tanda tangan dig-
Federal Government., NIST Std. NIST Special ital,” Departemen Teknik Informatika, Institut
Publication 800-21A, 2005. Teknologi Bandung., Tech. Rep., 2004.
[11] NCH. (2006) Electronic health records overview. [20] W. E. Perry, A Standard for Testing Application
Healthcare Information and Management Software, 1990. Auerbach Publishers, 1989.
Systems Society. Download on October 15, [21] G. J. Myers, C. Sandler, and T. Badgett, The art
2011. [Online]. Available: http://www.himss.org/ of software testing. John Wiley & Sons, 2011.
electronic-health-records-overview-nih-national-center-research-resources
[22] W. C. Hetzel and B. Hetzel, The complete guide
[12] D. T. Mon, “Defining the differences between the to software testing. John Wiley & Sons, Inc.,
cpr, emr, and ehr.” Journal of AHIMA/American 1991.
Health Information Management Association, [23] IEEE Standard Glossary of Software Engineering
vol. 75, no. 9, pp. 74–5, 2004. Terminology, IEEE Std., Dec 1990.
[13] WHO, Electronic health records: manual for de- [24] S. McConnell, Code complete. Pearson Educa-
veloping countries. World Health Organization: tion, 2004.
Manila: WHO Regional Office for the Western [25] R. S. Pressman, Software engineering: a practi-
Pacific, 2006. tioner’s approach, 7th ed. Palgrave Macmillan,
[14] “Peraturan menteri kesehatan republik indone- 2010.
69