Get 20M+ Full-Text Papers For Less Than $1.50/day. Start a 14-Day Trial for You or Your Team.

Learn More →

A Study on Secure Medical-Contents Strategies with DRM Based on Cloud Computing

A Study on Secure Medical-Contents Strategies with DRM Based on Cloud Computing Hindawi Journal of Healthcare Engineering Volume 2018, Article ID 6410180, 7 pages https://doi.org/10.1155/2018/6410180 Research Article A Study on Secure Medical-Contents Strategies with DRM Based on Cloud Computing 1 2 3 4 Hoon Ko , Libor Měsíček, Jongsun Choi, and Seogchan Hwang IT Research Institute, Chosun University, 309 Pilmun-daero, Dong-gu, Gwangju 61452, Republic of Korea Jan Evangelista Purkyně University in Ústí nad Labem, Pasteurova 1, 400 96 Ústí nad Labem, Czech Republic School of Computer Science and Engineering, Soongsil University, 369 Sangdo-Ro, Dongjak-Gu, Seoul 06978, Republic of Korea Gensoloft Inc., 99 Jangseungbaegi-Ro, Dongjak-Gu, Seoul 06936, Republic of Korea Correspondence should be addressed to Seogchan Hwang; seogchan@gmail.com Received 22 August 2017; Accepted 25 December 2017; Published 29 March 2018 Academic Editor: Emiliano Schena Copyright © 2018 Hoon Ko et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. Many hospitals and medical clinics have been using a wearable sensor in its health care system because the wearable sensor, which is able to measure the patients’ biometric information, has been developed to analyze their patients remotely. The measured information is saved to a server in a medical center, and the server keeps the medical information, which also involves personal information, on a cloud system. The server and network devices are used by connecting each other, and sensitive medical records are dealt with remotely. However, these days, the attackers, who try to attack the server or the network systems, are increasing. In addition, the server and the network system have a weak protection and security policy against the attackers. In this paper, it is suggested that security compliance of medical contents should be followed to improve the level of security. As a result, the medical contents are kept safely. 1. Introduction health care system’s large data technology collects the pattern of disease flow, which would come from heterogeneous devices. Next, with the analyzed results, a medical system A health care system needs some network devices such as or a doctor observes each patient’s status. Then each pre- smart devices, servers, and sensors based on a network, where the server is storing all of the patients’ medical infor- scription is suggested automatically, and these records are saved in a server in the health care system. As it was said, mation. The information in the system is used by a doctor when this is used, the system may have a privacy problem or medical experts to monitor all of the patients’ medical due to cyberattacks. To protect the records, all users need status remotely on a network. To connect to them, they can to log in their ID/password with an encryption algorithm. use Bluetooth or WiFi and other network technologies that can be used in health care systems. However, because of the As well, the encryption algorithm is used when the patents’ records are saved [2]. Now, the network that the system uses, systems process in the network, security problems such as and that which it has been using, has not enough protection cyberattacks certainly can appear in the system [1]. The dam- against cyberattackers with just an ID/password [3]. Even if it age will be serious; for example, in case there is a security has a security program, the security policy has to be updated accident like patient medical information leakage that con- tains a patient’s disease name and all medical records, it can periodically or automatically with security processes such as DRM agent or server, Key Management Policy, License lead to a privacy problem. In addition, the health care system Policy, and Security Policy. However, more important is uses a large amount of data with records about the patients’ how to keep the medical records following particular rules, disease to predict potential medical attacks or a sudden crit- which should consider each medical record. Therefore, this ical status. When it decides to analyze a small data set, the 2 Journal of Healthcare Engineering (1) Patient.Information (2) Insurance.Information (3) Disease.Information Figure 1: Patient registration form. paper suggests the security management of medical records this gap by evaluating the usability of a novel web-based tool in a health care system on the cloud [4] and shows its safety. called COCPIT (Collaborative Online Care Pathway Investi- Security management, as its name suggests, contains a gation Tool), which supports the design, analysis, and visual- DRM server, DRM agent, License Policy, Security Policy, ization of ICT at the population level. Patients and doctors and Key Management Policy. With these components, it use this interface to analyze their state by connecting to a is able to manage all security rules and policies in order to server. Now this idea is planned to be used only in a local reduce the potential and impact of risks from attacks, includ- area, like in a hospital. As viewed in [11], Amin et al. had pre- ing cyberattacks, that can be discovered in advance [1]. The sented a user authentication scheme for Telecare Medical rest of the paper is divided as follows: Section 2 describes Information System (TMIS), which can use the Internet related works, Section 3 explains safe medical record man- between a patient and a medical server [12–14]. To overcome agement, Section 4 contains the analysis, and Section 5 the security weakness, they had designed a medical system presents the conclusions. architecture and a standard mutual authentication scheme to exchange medical data. Also through this scheme, they share the key [5, 9, 10]. They had used elliptic curve cryptog- 2. The Related Works raphy which is a good algorithm in a mobile device [15]. 2.1. Medical Records. Microsoft provides usage with an Office Open XML format which supports portable medical elec- 2.2. Threats and Damages. This section contains the threats tronics, a standard within the medical industry with Office to the medical contents. Security and medical record protec- 2007 [5, 6]. Also, many relevant institutes have been working tion issues are of importance in the adoption of a cloud-based with this similar area. As shown in Figure 1, Hoon Ko had health care solution. We have summarized cyberattack and defined the medical record form that normally contains 3 damage records in Tables 1 and 2. categories: (1) Patient.Information which consists of name, birth information, and address; (2) Insurance.Information which includes the insurance information of the patient 2.3. DRM Storage System. The DRM storage system runs and a phone number in case of an emergency; and (3) Disea- independently of the health care system. This system se.Information that involves detailed disease information [7]. includes DRM register for registration, DRM test module Almost all of the health care system, which consists of net- for testing DRM consistency, DRM interoperable module work elements, contains private and sensitive information for delivering DRM metadata, and DRM information mod- [8]. While it collects the data from various sources, the infor- ule for sharing DRM registration, sales, and usage informa- mation exposure will be increased. Then the attacker tries to tion with respective media service systems [16]. Security use the exposed information to make useful information. To management in Figure 2 shows a structure of the DRM stor- age and service system. It does not manage DRM metadata in use the system safely, users are usually operating with a cur- rent key-management system to encrypt. However, it is a the system or the media service system because a DRM can classic model that is being applied and it is difficult to apply be freely registered or released by DSP. This system retrieves into a new health care system [2]. M. B. Jain et al. and Khan DRM-related information from the DRM server provided by and Zhang had studied user interface requirements for web- the DSP and provides the information to the media service system when it is necessary. based integrated care pathways [9, 10]. The aim is to address Journal of Healthcare Engineering 3 Table 1: Damage records. Date Damage February 14, 2013, Acquiring privilege by inserting a malicious code into an employee’s PC, leaking about 43,000 patients’ personal Froedtert Hosp, USA information such as patient personal insurance certificate, card information, and social security number. Barnaby Jack, 2012, The hacker approaches the patient using an insulin pump and exploits the vulnerability of the small computer RSA Conference, USA inside the insulin pump. (i) Collecting various medical information from a domestic hospital using an overseas server. (ii) Medical records, prescription lists, and MRI images; not only hospital medical information but also the sales status of pharmaceutical companies. Korea, 2013 (iii) The hacker does not stop leaking medical information and takes control of the PC inside the hospital. (iv) Many medical institution PCs are infected with a malicious code. (v) Many hackers can remotely administer hospital PCs to arbitrarily manipulate prescriptions. Table 2: Threats to medical contents. Threats Contents (i) Cannot receive data from a source outside the trust boundary. Consider using logging or auditing Repudiation to record the source, time, and summary. (ii) Device claims: cannot write data received from an entity on the other side of the trust boundary. (i) Subject to a persistent cross-site scripting attack because it does not sanitize data storage “device” inputs/outputs and to cross-site scripting attacks. Tampering (ii) Reading or modifying data transmitted over an authenticated dataflow. (iii) Tampering by an attacker and leading to corruption of device. (iv) Attack via log files. (i) Be spoofed by an attacker, leading to information disclosure. Consider using a standard authentication mechanism to identify the destination process. Spoofing (ii) Be spoofed by an attacker, leading to incorrect data delivered to web server. (iii) Be spoofed by an attacker, leading to data being written to the attacker’s target instead of the device. (i) A DDoS attack to a server, which connects to a user device, a biosensor, will be a potential threat that makes a service impossible. DDoS (ii) Resource consumption can be hard to deal with, and there are times that it makes sense to let the OS do the job. (i) Data flowing across generic dataflow may be sniffed by an attacker. It can be used to attack other parts of the system or simply be a disclosure of information leading to compliance violations. Information disclosure (ii) When u#.profile, i#.info, and d#.info are required to be shared for patient movement, they have to share them with weak security. (i) Attack to personal information and medical records which transfers between a biosensor and a server, Eavesdropping/forgery a medical system and a server, or a user device and a server. 3. Safe Medical Record Management their disease level and the patients’ status (Table 3). N is the number of 32-bit words depending on the size of encryption 3.1. Medical Records with DRM. Figure 2 shows the suggested block, N is the number of 32-bit words depending on the security process with DRM. There are three components in key length of an encryption, and then N which is the num- medical record management with DRM: user#.Profile, ber of rounds is N = 6 + max (N , N ). The length of the R B K m.Server, and DRM server. The user#.Profile contains AES block is 128 bits and because it supports such 4 bits to Patient.Information, Insurance.Information, and Disease.- NB, 128 bits, 192 bits, and 256 bits to AES, therefore N Information. The m.Server keeps userm#.info.u# that has all gets 4, 6, and 8. Finally, the value in each round to each patients’ medical records like m1.info.u1, m2.info.u2,… , bit will be N = 6 + max (N , N ) = 6 + max ([4, 128], [6, R B B mx.info.ux. The DRM consists of License Policy Service and 196], [8, 256]) = (10, 12, 14). Lightweight cryptography is a Key Management Service which communicates to m.Server cryptographic algorithm for implementation in constrained in m#.info.u# [17]. environments including a sensor and a smart card in a health There are two security issues, signature/encryption and care system. It consists of a hardware implementation and a security level and lightweight cryptography in [18, 19]. For software implementation. In the hardware implementation signature and encryption, it takes the size of an input key case, physical size and energy consumption are very impor- and the number of encryption rounds after analyzing a new tant to decide as to how much should be spent. On the other structure that the computer plans to create when the physi- hand, in the software implementation case, smaller code and cian in charge takes their patients’ medical records following lesser memory size are suitable in lightweight cryptography. 4 Journal of Healthcare Engineering Decrypt(E(ALL)) Key Display register m1.info.user1 m#.info.u# Conform user1.Profile m.S m.Ser erv ver er .m1.info.u 1 HN.ID Rec.Level.1 .m2.info.u 2 Notice Rec.Level# U#.ID . mx.info.ux Rec.Level.2 Request key Define (Rec.Level#) Security module reply key.confirm Rec.Level.n Sig. Encrypt Rec.Level.1 DRM E(DI ||C ) Rec.Level.2 Health state 1 1 1 DRM License confirmation : Disease list Proxy/server Define (Rec.Level#) Doctor’s call # Content usage Rec.Level.n Key confirmation Notices License Key management management /service /policy Key confirmation & encryption License storage Key storage Security management Figure 2: Security process with DRM. Table 3: Requirement to lightweight process. Items Contents Because a sensor is a small device and has a limitation, the algorithm should have a small size for it to run, Code size achieved by reducing the number of code line. Security strength To process, the structure will be compacted; however, the encryption strength has to be kept strong. Fast speed The code should be optimized to speed up by decreasing the number of code lines and by removing useless codes. To use IoT devices, a sensor usually uses an encryption algorithm, but the devices which are used in a home Low energy health care system have a limitation of having a small size, so low energy consumption is necessary, which may be consumption achieved by decreasing the number of rounds in the encryption. The following items are the reasons why lightweight crypto- 3.3. Secure Medical Contents with DRM. The suggested elec- graphic algorithms are required [18, 19]. tronic registration form (ERF) consists of ERF = [(1) Patient.- Info(PI) ∥ (2) Insurance.Info(II) ∥ (3) Disease.Info(DI)] ], and each will be stored independently. It only takes the records 3.2. DRM System Module. The DRM interoperable module that it wants and needs. And because a patient could have manages metadata by using information from the DRM multiple diseases, (3) DI can be acceptable for multiple server and exchanges the information with the DRM module storing. PI links to II and to (PI → II ) and also to DI and n n in a system. It uses a DIF (DRM interoperable format) docu- to (PI → DI ); on the other hand, there is nothing to link n n ment, which extends CPIX (Content Protection Information between II and DI. It means that only PI can call what disease Exchange format) technology for exchanging the content records it exactly needs which is stored after encrypting, protection information and DRM metadata information. because PI is linked to each table of DI. Next, when the server The DRM consistency test module checks whether the is asked to perform, all it has to do is decrypt only the DRM metadata information is correctly received for the reg- data which is requested. It effects the reduction of cost such istered DRM and whether it can be used in the service. The as n ∗ t → n/i ∗ t as it has to decrypt all diseases [18]. pregenerated DIF v1.0 document (if updated to v2.0 and v3.0 through the DRM interoperable module and external DRM service, resp.) and the contents of the final document 4. Analysis are examined and judged. The DIF v3.0 document should contain accurate DRM metadata information and informa- 4.1. Security Strategies. In Section 4.3, it is suggested that a tion about authentication and decryption for CP. health care system with security contains medical record Journal of Healthcare Engineering 5 1: procedure Security.Process(u, i, d) 2: u#.profile(name, sex, birth, ID.number, phone, address); 3: i#.info(insurance, category, cover.scope); 4: d#.info(disease, found, birth, phone.number); 5: REGISTERu#.profileTOm.Server; 6: STOREu#.profileINm.Server; 7: REQUESTu#.KEYTODRM; 8: GENERATEu#.KEYinDRM; 9: UPDATEu#.licence.PolicyinDRM; 10: u#.profile, m.Server([Sig&Encrypt][DRMAgent]); 11: while r ≠ 0 do ▷ 12: Sig ← Signature(u#.profile) 13: Enc ← Encrypt(u#.profile) 14: Ngo ← Negotiation(Sig, Eng) ▷ negotiate between user and Server 15: K.set ← Fair(key(u#.profile, m.Server)fromDRM 16: Shr ← Share(K.set) 17: Crm ← Confirm(K.set 18: l.Crm ← License.Confirm(DRM, KeyManagement.Service) 19: end while 20: return ▷ 21: end procedure Algorithm 1: Security steps. security and channel security between a patient and a server in (iv) Data store denies device potentially writing data: a hospital. There are seven threats such as repudiation, tamper- patients claim that they did not write the data ing, spoofing, DDoS, information disclosure, eavesdropping/ received from an entity on the other side of the trust boundary. forgery modulation attack to medical record, and exposure of personal information by medical information sharing. (v) Potential data repudiation by a server: medical server claims that it did not receive data from a 4.2. Security Level Decision. ERF is structured for the records source outside the trust boundary. to be stored regarding each purpose of the records. It can be possible to partially encrypt only what it needs. There are two ways to decide on the security level. To define strong security strength, the first way is to store after encrypting the entire Solution. To protect the patients’ medical records, sensors records such as disease name and its symptom; its cost will have to confirm their unique number. Role ← u# pro sensor be E DI∥C . On the other hand, the second way is to store file∥u# devices Repudiation to device and stability of sensor after encrypting only the symptom; it does not encrypt the (patients’ number identify) and the patients’ information disease name. In the two cases, the strength costs expects stored in the sensor is formulated → (flow description ∥ next; the cost of the first way is 1 − DI/ DI + C ∗ 100 ∗ T, safety symbol). and the second cost will be 1 − C/ DI + C ∗ 100 ∗ T. 4.3.2. Tampering. It contains replay attacks, collision attacks, 4.3. Threats to Model and Solutions and risks from logging. The device data store could be cor- 4.3.1. Repudiation. It contains lower trusted subject update rupted and authenticated dataflow compromised. It is the logs, data logs from an unknown source, insufficient auditing, act of altering the bits. Tampering with a process involves data storage denying a device from potentially writing data, changing bits in the running process. Similarly, tampering and potential data repudiation by a server. Repudiation threats with a dataflow involves changing bits on the wire or between involve an adversary denying that something happened. two running processes. (i) Lower trusted subject update logs: letting everyone (i) Replay attacks: packets or messages without write to your logs can lead to repudiation problems. sequence numbers or time-stamps can be captured and replayed in a wide variety of ways. (ii) Data logs from an unknown source: it involves an adversary denying that something happened. (ii) Collision attacks: attackers who can send a series of packets or messages may be able to overlap data. (iii) Insufficient auditing: you might want to talk to an audit expert as well as a privacy expert about your (iii) Risks from logging: log readers can come under choice data. attack via log files. 6 Journal of Healthcare Engineering that a special key is used which encrypts and decrypts the (iv) Possible corruption of the data storage device: data flowing across generic dataflow may be tampered unique doctor’s ID information. The server in the hospital with by an attacker. or medical center has to control the unique ID information. (v) Authenticated dataflow compromised: an attacker 4.3.5. Information Disclosure. Weak authentication scheme, can read or modify data transmitted over an authen- authorization bypass, weak credential storage, and weak ticated dataflow. access control for a resource belong to information disclo- sure. This happens when it can be read by an unautho- rized party. Solution. To solve existing problem, integration processing has to be set to all medical records in a server and in a device. (i) Weak authentication scheme: custom authentication And only an authorized person can modify or edit the schemes are susceptible to common weakness. medical records. Following their authorization level, the per- (ii) Authorization bypass: it can access a security man- son only can take a look at the record which is on the same ager and bypass the permission for the object. authorization level. (iii) Weak credential storage: credentials held at the 4.3.3. Spoofing. There is a destination data storage security server are often disclosed or tampered with and manager, a source data storage device in spoofing, and it is credentials stored on the client are often stolen. when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, web- (iv) Weak access control for a resource: improper data site, or a network address. protection of patient lists can allow an attacker to read information not intended for disclosure. (i) Destination data storage security manager: the secu- rity manager may be spoofed by an attacker, and this may lead to data being written to the attacker’s target Solution. The medical center has to ask all of the staff to instead of the security manager. follow the center’s security policies by updating authentica- tion policies periodically such as restriction of information (ii) Source data storage device: the patient may be use, deleting, and copying. Next, output control of patients’ spoofed by an attacker, and this may lead to incorrect medical records is needed, keeping the log files when they data delivered to the medical server. access their records. 5. Conclusion Solution. The system has to check if the medical records are right from a patient, a server, and a DRM. Also, although This studied the security level of medical records, which con- the attacker intercepts the data, they cannot read the medical tains patients’ personal information, patient insurance infor- records without a security key by using a security module mation, and patients’ diseases list following the number of such as encryption. disease. Usually, a medical system gets the bioinformation by using sensors for biometrics. An addition to this software 4.3.4. DDoS. It consists of potential excessive resource implementation could change this procedure and its possible consumption for DRM, data storage inaccessibility, and impact to this algorithm. For example, automatic identifica- dataflow—generic dataflow is potentially interrupted and tion and data capture (AIDC) technology, such as sensors resource consumption attacks can be hard to deal with, and for iris, facial, fingerprint, or vocal recognition could allow there are times that it makes sense to let the OS do the job. and record biometric data which are unique to each individ- ual. This reason could enhance the security of algorithm- (i) Potential excessive resource consumption for DRM: denial of service happens when the process or data based strategies. The medical record size from the health care system would be decided by following how many insurances storage is not able to service incoming requests or and how many diseases, and the process time is very sensible perform up to spec. to the record size, because if the size is big, the processing (ii) Data storage inaccessibility: an external agent pre- time would be increased. Then the system surely gets stress. vents access to a data storage on the other side of Therefore, the partial process such as encryption/security the trust boundary. level is a necessity. Security management, as is suggested, consists of u#.profile to involve the patient’s information (iii) Dataflow—generic dataflow is potentially inter- such as name, sex, address, i#.info which is insurance infor- rupted: an external agent interrupts data flowing mation, and d#.info that lists all disease information in a across a trust boundary in either direction. server. In case the patient calls, as soon as the sensor at home detects the patient, it registers the patient information auto- Solution. To solve them, it is necessary to authenticate, which matically from the call to the hospital and shares its informa- is by a new authentication method, not with a simple ID/PW tion with the doctor. Then the security management in method but by ID card, used for legal access by a patient or a the server decides its security level, key, policies of license, responsible doctor. And also, it has to be taken into account and security. With this scenario, all systems would be Journal of Healthcare Engineering 7 control (FDC) of transformers,” in TENCON 2008 - 2008 IEEE used remotely in a network on the cloud. In the suggested Region 10 Conference, pp. 1–5, Hyderabad, India, 2008. system, we have set security functions like an encryption and authentication in the system; however, each step has [10] M. K. Khan and J. Zhang, “An efficient and practical fingerprint-based remote user authentication scheme with threats like our analysis results showed. The patient, medical smart cards,” in Information Security Practice and Experience, clinic, and server can be attacked by an attacker by repudia- pp. 260–268, Springer, Berlin, Heidelberg, 2006. tion, tampering, spoofing, DDoS, information disclosure, [11] R. Amin, S. K. H. Islam, G. P. Biswas, M. K. Khan, and eavesdropping/forgery modulation attack to medical record, N. Kumar, “An efficient and practical smart card based ano- and exposure of personal information by medical informa- nymity preserving user authentication scheme for tmis using tion sharing. To protect against these threats, we define elliptic curve cryptography,” Journal of Medical Systems, the security management with a license policy, security vol. 39, no. 11, p. 180, 2015. policy, and key management with the DRM server and [12] P. Yalla and J.-P. Kaps, “Compact FPGA implementation of DRM agent and we summarized the security strategies. camellia,” in 2009 International Conference on Field Program- We expect these strategies to help when we set the real health mable Logic and Applications, pp. 658–661, Prague, Czech care system on the cloud in the future. Republic, 2009. [13] J.-P. Kaps, “Chai-tea, cryptographic hardware implementa- Conflicts of Interest tions of xTEA,” in Lecture Notes in Computer Science, pp. 363–375, Springer, Berlin, Heidelberg, 2008. The authors declare that they have no conflicts of interest. [14] J.-P. Kaps and B. Sunar, “Energy comparison of aes and sha-1 for ubiquitous computing,” in Lecture Notes in Computer Acknowledgments Science, pp. 372–381, Springer, Berlin, Heidelberg, 2006. This research project was supported by Ministry of Culture, [15] C. Manifavas, G. Hatzivasilis, K. Fysarakis, and K. Rantos, Sports and Tourism (MCST) and Korea Copyright Com- “Lightweight cryptography for embedded systems – a compar- mission in 2016. This research was supported by Basic ative analysis,” in Lecture Notes in Computer Science, pp. 333– 349, Springer, Berlin, Heidelberg, 2014. Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of [16] D. L. Blankenbeckler, D. O. Ybarra, and L. Hesselink, “Digital rights management system and methods for provisioning con- Education (no. 2017R1A6A1A03015496). tent to an intelligent storage,” US Patent 9342701, 2016. [17] H.-M. Chen, J.-W. Lo, and C.-K. Yeh, “An efficient and secure References dynamic id-based authentication scheme for telecare medical [1] D. Gafurov and E. Snekkenes, “Gait recognition using information systems,” Journal of Medical Systems, vol. 36, wearable motion recording sensors,” EURASIP Journal on no. 6, pp. 3907–3915, 2012. Advances in Signal Processing, vol. 2009, 2009. [18] H. Ko, L. Mesicek, J. Choi, J. Choi, and S. Hwang, “A study on [2] R. Lu, X. Lin, and X. Shen, “Spoc: a secure and privacy- secure contents strategies for applications with drm on cloud preserving opportunistic computing framework for mobile- computing,” International Journal of Cloud Applications and healthcare emergency,” IEEE Transactions on Parallel and Computing, vol. 8, no. 1, pp. 143–153, 2018. Distributed Systems, vol. 24, no. 3, pp. 614–624, 2013. [19] C. Ramos, D. Martinho, G. Marreiros et al., “Ekrucami archi- [3] S. K. H. Islam, “Design and analysis of an improved smartcard- tecture–applications in healthcare domain,” Frontiers in Artifi- based remote user password authentication scheme,” Interna- cial Intelligence and Applications, vol. 298, pp. 140–152, 2017. tional Journal of Communication Systems, vol. 29, no. 11, pp. 1708–1719, 2016. [4] D. Cho, S. Hwang, G. Jeong, and H. Lim, “A digital media service system supporting multi-drm in the cloud,” Journal of Korea Multimedia Society, vol. 19, no. 4, pp. 765–773, 2016. [5] S. A. Chaudhry, K. Mahmood, H. Naqvi, and M. K. Khan, “An improved and secure biometric authentication scheme for telecare medicine information systems based on elliptic curve cryptography,” Journal of Medical Systems, vol. 39, no. 11, p. 175, 2015. [6] Z. Zhu, “An efficient authentication scheme for telecare medi- cine information systems,” Journal of Medical Systems, vol. 36, no. 6, pp. 3833–3838, 2012. [7] H. Ko and M. B. Song, “A study on the secure user profiling structure and procedure for home healthcare systems,” Journal of Medical Systems, vol. 40, no. 1, p. 1, 2016. [8] J. Sun and C. K. Reddy, “Big data analytics for healthcare,” in Proceedings of the 19th ACM SIGKDD international conference on Knowledge discovery and data mining - KDD '13, pp. 1525– 1525, Chicago, Illinois, USA, 2013. [9] M. B. Jain, M. Srinivas, and A. Jain, “A novel web based expert system architecture for on-line and off-line fault diagnosis and International Journal of Advances in Rotating Machinery Multimedia Journal of The Scientific Journal of Engineering World Journal Sensors Hindawi Hindawi Publishing Corporation Hindawi Hindawi Hindawi Hindawi www.hindawi.com Volume 2018 http://www www.hindawi.com .hindawi.com V Volume 2018 olume 2013 www.hindawi.com Volume 2018 www.hindawi.com Volume 2018 www.hindawi.com Volume 2018 Journal of Control Science and Engineering Advances in Civil Engineering Hindawi Hindawi www.hindawi.com Volume 2018 www.hindawi.com Volume 2018 Submit your manuscripts at www.hindawi.com Journal of Journal of Electrical and Computer Robotics Engineering Hindawi Hindawi www.hindawi.com Volume 2018 www.hindawi.com Volume 2018 VLSI Design Advances in OptoElectronics International Journal of Modelling & Aerospace International Journal of Simulation Navigation and in Engineering Engineering Observation Hindawi Hindawi Hindawi Hindawi Volume 2018 Volume 2018 Hindawi www.hindawi.com Volume 2018 www.hindawi.com Volume 2018 www.hindawi.com www.hindawi.com www.hindawi.com Volume 2018 International Journal of Active and Passive International Journal of Antennas and Advances in Chemical Engineering Propagation Electronic Components Shock and Vibration Acoustics and Vibration Hindawi Hindawi Hindawi Hindawi Hindawi www.hindawi.com Volume 2018 www.hindawi.com Volume 2018 www.hindawi.com Volume 2018 www.hindawi.com Volume 2018 www.hindawi.com Volume 2018 http://www.deepdyve.com/assets/images/DeepDyve-Logo-lg.png Journal of Healthcare Engineering Hindawi Publishing Corporation

A Study on Secure Medical-Contents Strategies with DRM Based on Cloud Computing

Loading next page...
 
/lp/hindawi-publishing-corporation/a-study-on-secure-medical-contents-strategies-with-drm-based-on-cloud-dp1ZUTLDa0

References (22)

Publisher
Hindawi Publishing Corporation
Copyright
Copyright © 2018 Hoon Ko et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. This research project was supported by Ministry of Culture, Sports and Tourism (MCST) and Korea Copyright Commission in 2016. This research was supported by Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education (no. 2017R1A6A1A03015496).
ISSN
2040-2295
eISSN
2040-2309
DOI
10.1155/2018/6410180
Publisher site
See Article on Publisher Site

Abstract

Hindawi Journal of Healthcare Engineering Volume 2018, Article ID 6410180, 7 pages https://doi.org/10.1155/2018/6410180 Research Article A Study on Secure Medical-Contents Strategies with DRM Based on Cloud Computing 1 2 3 4 Hoon Ko , Libor Měsíček, Jongsun Choi, and Seogchan Hwang IT Research Institute, Chosun University, 309 Pilmun-daero, Dong-gu, Gwangju 61452, Republic of Korea Jan Evangelista Purkyně University in Ústí nad Labem, Pasteurova 1, 400 96 Ústí nad Labem, Czech Republic School of Computer Science and Engineering, Soongsil University, 369 Sangdo-Ro, Dongjak-Gu, Seoul 06978, Republic of Korea Gensoloft Inc., 99 Jangseungbaegi-Ro, Dongjak-Gu, Seoul 06936, Republic of Korea Correspondence should be addressed to Seogchan Hwang; seogchan@gmail.com Received 22 August 2017; Accepted 25 December 2017; Published 29 March 2018 Academic Editor: Emiliano Schena Copyright © 2018 Hoon Ko et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. Many hospitals and medical clinics have been using a wearable sensor in its health care system because the wearable sensor, which is able to measure the patients’ biometric information, has been developed to analyze their patients remotely. The measured information is saved to a server in a medical center, and the server keeps the medical information, which also involves personal information, on a cloud system. The server and network devices are used by connecting each other, and sensitive medical records are dealt with remotely. However, these days, the attackers, who try to attack the server or the network systems, are increasing. In addition, the server and the network system have a weak protection and security policy against the attackers. In this paper, it is suggested that security compliance of medical contents should be followed to improve the level of security. As a result, the medical contents are kept safely. 1. Introduction health care system’s large data technology collects the pattern of disease flow, which would come from heterogeneous devices. Next, with the analyzed results, a medical system A health care system needs some network devices such as or a doctor observes each patient’s status. Then each pre- smart devices, servers, and sensors based on a network, where the server is storing all of the patients’ medical infor- scription is suggested automatically, and these records are saved in a server in the health care system. As it was said, mation. The information in the system is used by a doctor when this is used, the system may have a privacy problem or medical experts to monitor all of the patients’ medical due to cyberattacks. To protect the records, all users need status remotely on a network. To connect to them, they can to log in their ID/password with an encryption algorithm. use Bluetooth or WiFi and other network technologies that can be used in health care systems. However, because of the As well, the encryption algorithm is used when the patents’ records are saved [2]. Now, the network that the system uses, systems process in the network, security problems such as and that which it has been using, has not enough protection cyberattacks certainly can appear in the system [1]. The dam- against cyberattackers with just an ID/password [3]. Even if it age will be serious; for example, in case there is a security has a security program, the security policy has to be updated accident like patient medical information leakage that con- tains a patient’s disease name and all medical records, it can periodically or automatically with security processes such as DRM agent or server, Key Management Policy, License lead to a privacy problem. In addition, the health care system Policy, and Security Policy. However, more important is uses a large amount of data with records about the patients’ how to keep the medical records following particular rules, disease to predict potential medical attacks or a sudden crit- which should consider each medical record. Therefore, this ical status. When it decides to analyze a small data set, the 2 Journal of Healthcare Engineering (1) Patient.Information (2) Insurance.Information (3) Disease.Information Figure 1: Patient registration form. paper suggests the security management of medical records this gap by evaluating the usability of a novel web-based tool in a health care system on the cloud [4] and shows its safety. called COCPIT (Collaborative Online Care Pathway Investi- Security management, as its name suggests, contains a gation Tool), which supports the design, analysis, and visual- DRM server, DRM agent, License Policy, Security Policy, ization of ICT at the population level. Patients and doctors and Key Management Policy. With these components, it use this interface to analyze their state by connecting to a is able to manage all security rules and policies in order to server. Now this idea is planned to be used only in a local reduce the potential and impact of risks from attacks, includ- area, like in a hospital. As viewed in [11], Amin et al. had pre- ing cyberattacks, that can be discovered in advance [1]. The sented a user authentication scheme for Telecare Medical rest of the paper is divided as follows: Section 2 describes Information System (TMIS), which can use the Internet related works, Section 3 explains safe medical record man- between a patient and a medical server [12–14]. To overcome agement, Section 4 contains the analysis, and Section 5 the security weakness, they had designed a medical system presents the conclusions. architecture and a standard mutual authentication scheme to exchange medical data. Also through this scheme, they share the key [5, 9, 10]. They had used elliptic curve cryptog- 2. The Related Works raphy which is a good algorithm in a mobile device [15]. 2.1. Medical Records. Microsoft provides usage with an Office Open XML format which supports portable medical elec- 2.2. Threats and Damages. This section contains the threats tronics, a standard within the medical industry with Office to the medical contents. Security and medical record protec- 2007 [5, 6]. Also, many relevant institutes have been working tion issues are of importance in the adoption of a cloud-based with this similar area. As shown in Figure 1, Hoon Ko had health care solution. We have summarized cyberattack and defined the medical record form that normally contains 3 damage records in Tables 1 and 2. categories: (1) Patient.Information which consists of name, birth information, and address; (2) Insurance.Information which includes the insurance information of the patient 2.3. DRM Storage System. The DRM storage system runs and a phone number in case of an emergency; and (3) Disea- independently of the health care system. This system se.Information that involves detailed disease information [7]. includes DRM register for registration, DRM test module Almost all of the health care system, which consists of net- for testing DRM consistency, DRM interoperable module work elements, contains private and sensitive information for delivering DRM metadata, and DRM information mod- [8]. While it collects the data from various sources, the infor- ule for sharing DRM registration, sales, and usage informa- mation exposure will be increased. Then the attacker tries to tion with respective media service systems [16]. Security use the exposed information to make useful information. To management in Figure 2 shows a structure of the DRM stor- age and service system. It does not manage DRM metadata in use the system safely, users are usually operating with a cur- rent key-management system to encrypt. However, it is a the system or the media service system because a DRM can classic model that is being applied and it is difficult to apply be freely registered or released by DSP. This system retrieves into a new health care system [2]. M. B. Jain et al. and Khan DRM-related information from the DRM server provided by and Zhang had studied user interface requirements for web- the DSP and provides the information to the media service system when it is necessary. based integrated care pathways [9, 10]. The aim is to address Journal of Healthcare Engineering 3 Table 1: Damage records. Date Damage February 14, 2013, Acquiring privilege by inserting a malicious code into an employee’s PC, leaking about 43,000 patients’ personal Froedtert Hosp, USA information such as patient personal insurance certificate, card information, and social security number. Barnaby Jack, 2012, The hacker approaches the patient using an insulin pump and exploits the vulnerability of the small computer RSA Conference, USA inside the insulin pump. (i) Collecting various medical information from a domestic hospital using an overseas server. (ii) Medical records, prescription lists, and MRI images; not only hospital medical information but also the sales status of pharmaceutical companies. Korea, 2013 (iii) The hacker does not stop leaking medical information and takes control of the PC inside the hospital. (iv) Many medical institution PCs are infected with a malicious code. (v) Many hackers can remotely administer hospital PCs to arbitrarily manipulate prescriptions. Table 2: Threats to medical contents. Threats Contents (i) Cannot receive data from a source outside the trust boundary. Consider using logging or auditing Repudiation to record the source, time, and summary. (ii) Device claims: cannot write data received from an entity on the other side of the trust boundary. (i) Subject to a persistent cross-site scripting attack because it does not sanitize data storage “device” inputs/outputs and to cross-site scripting attacks. Tampering (ii) Reading or modifying data transmitted over an authenticated dataflow. (iii) Tampering by an attacker and leading to corruption of device. (iv) Attack via log files. (i) Be spoofed by an attacker, leading to information disclosure. Consider using a standard authentication mechanism to identify the destination process. Spoofing (ii) Be spoofed by an attacker, leading to incorrect data delivered to web server. (iii) Be spoofed by an attacker, leading to data being written to the attacker’s target instead of the device. (i) A DDoS attack to a server, which connects to a user device, a biosensor, will be a potential threat that makes a service impossible. DDoS (ii) Resource consumption can be hard to deal with, and there are times that it makes sense to let the OS do the job. (i) Data flowing across generic dataflow may be sniffed by an attacker. It can be used to attack other parts of the system or simply be a disclosure of information leading to compliance violations. Information disclosure (ii) When u#.profile, i#.info, and d#.info are required to be shared for patient movement, they have to share them with weak security. (i) Attack to personal information and medical records which transfers between a biosensor and a server, Eavesdropping/forgery a medical system and a server, or a user device and a server. 3. Safe Medical Record Management their disease level and the patients’ status (Table 3). N is the number of 32-bit words depending on the size of encryption 3.1. Medical Records with DRM. Figure 2 shows the suggested block, N is the number of 32-bit words depending on the security process with DRM. There are three components in key length of an encryption, and then N which is the num- medical record management with DRM: user#.Profile, ber of rounds is N = 6 + max (N , N ). The length of the R B K m.Server, and DRM server. The user#.Profile contains AES block is 128 bits and because it supports such 4 bits to Patient.Information, Insurance.Information, and Disease.- NB, 128 bits, 192 bits, and 256 bits to AES, therefore N Information. The m.Server keeps userm#.info.u# that has all gets 4, 6, and 8. Finally, the value in each round to each patients’ medical records like m1.info.u1, m2.info.u2,… , bit will be N = 6 + max (N , N ) = 6 + max ([4, 128], [6, R B B mx.info.ux. The DRM consists of License Policy Service and 196], [8, 256]) = (10, 12, 14). Lightweight cryptography is a Key Management Service which communicates to m.Server cryptographic algorithm for implementation in constrained in m#.info.u# [17]. environments including a sensor and a smart card in a health There are two security issues, signature/encryption and care system. It consists of a hardware implementation and a security level and lightweight cryptography in [18, 19]. For software implementation. In the hardware implementation signature and encryption, it takes the size of an input key case, physical size and energy consumption are very impor- and the number of encryption rounds after analyzing a new tant to decide as to how much should be spent. On the other structure that the computer plans to create when the physi- hand, in the software implementation case, smaller code and cian in charge takes their patients’ medical records following lesser memory size are suitable in lightweight cryptography. 4 Journal of Healthcare Engineering Decrypt(E(ALL)) Key Display register m1.info.user1 m#.info.u# Conform user1.Profile m.S m.Ser erv ver er .m1.info.u 1 HN.ID Rec.Level.1 .m2.info.u 2 Notice Rec.Level# U#.ID . mx.info.ux Rec.Level.2 Request key Define (Rec.Level#) Security module reply key.confirm Rec.Level.n Sig. Encrypt Rec.Level.1 DRM E(DI ||C ) Rec.Level.2 Health state 1 1 1 DRM License confirmation : Disease list Proxy/server Define (Rec.Level#) Doctor’s call # Content usage Rec.Level.n Key confirmation Notices License Key management management /service /policy Key confirmation & encryption License storage Key storage Security management Figure 2: Security process with DRM. Table 3: Requirement to lightweight process. Items Contents Because a sensor is a small device and has a limitation, the algorithm should have a small size for it to run, Code size achieved by reducing the number of code line. Security strength To process, the structure will be compacted; however, the encryption strength has to be kept strong. Fast speed The code should be optimized to speed up by decreasing the number of code lines and by removing useless codes. To use IoT devices, a sensor usually uses an encryption algorithm, but the devices which are used in a home Low energy health care system have a limitation of having a small size, so low energy consumption is necessary, which may be consumption achieved by decreasing the number of rounds in the encryption. The following items are the reasons why lightweight crypto- 3.3. Secure Medical Contents with DRM. The suggested elec- graphic algorithms are required [18, 19]. tronic registration form (ERF) consists of ERF = [(1) Patient.- Info(PI) ∥ (2) Insurance.Info(II) ∥ (3) Disease.Info(DI)] ], and each will be stored independently. It only takes the records 3.2. DRM System Module. The DRM interoperable module that it wants and needs. And because a patient could have manages metadata by using information from the DRM multiple diseases, (3) DI can be acceptable for multiple server and exchanges the information with the DRM module storing. PI links to II and to (PI → II ) and also to DI and n n in a system. It uses a DIF (DRM interoperable format) docu- to (PI → DI ); on the other hand, there is nothing to link n n ment, which extends CPIX (Content Protection Information between II and DI. It means that only PI can call what disease Exchange format) technology for exchanging the content records it exactly needs which is stored after encrypting, protection information and DRM metadata information. because PI is linked to each table of DI. Next, when the server The DRM consistency test module checks whether the is asked to perform, all it has to do is decrypt only the DRM metadata information is correctly received for the reg- data which is requested. It effects the reduction of cost such istered DRM and whether it can be used in the service. The as n ∗ t → n/i ∗ t as it has to decrypt all diseases [18]. pregenerated DIF v1.0 document (if updated to v2.0 and v3.0 through the DRM interoperable module and external DRM service, resp.) and the contents of the final document 4. Analysis are examined and judged. The DIF v3.0 document should contain accurate DRM metadata information and informa- 4.1. Security Strategies. In Section 4.3, it is suggested that a tion about authentication and decryption for CP. health care system with security contains medical record Journal of Healthcare Engineering 5 1: procedure Security.Process(u, i, d) 2: u#.profile(name, sex, birth, ID.number, phone, address); 3: i#.info(insurance, category, cover.scope); 4: d#.info(disease, found, birth, phone.number); 5: REGISTERu#.profileTOm.Server; 6: STOREu#.profileINm.Server; 7: REQUESTu#.KEYTODRM; 8: GENERATEu#.KEYinDRM; 9: UPDATEu#.licence.PolicyinDRM; 10: u#.profile, m.Server([Sig&Encrypt][DRMAgent]); 11: while r ≠ 0 do ▷ 12: Sig ← Signature(u#.profile) 13: Enc ← Encrypt(u#.profile) 14: Ngo ← Negotiation(Sig, Eng) ▷ negotiate between user and Server 15: K.set ← Fair(key(u#.profile, m.Server)fromDRM 16: Shr ← Share(K.set) 17: Crm ← Confirm(K.set 18: l.Crm ← License.Confirm(DRM, KeyManagement.Service) 19: end while 20: return ▷ 21: end procedure Algorithm 1: Security steps. security and channel security between a patient and a server in (iv) Data store denies device potentially writing data: a hospital. There are seven threats such as repudiation, tamper- patients claim that they did not write the data ing, spoofing, DDoS, information disclosure, eavesdropping/ received from an entity on the other side of the trust boundary. forgery modulation attack to medical record, and exposure of personal information by medical information sharing. (v) Potential data repudiation by a server: medical server claims that it did not receive data from a 4.2. Security Level Decision. ERF is structured for the records source outside the trust boundary. to be stored regarding each purpose of the records. It can be possible to partially encrypt only what it needs. There are two ways to decide on the security level. To define strong security strength, the first way is to store after encrypting the entire Solution. To protect the patients’ medical records, sensors records such as disease name and its symptom; its cost will have to confirm their unique number. Role ← u# pro sensor be E DI∥C . On the other hand, the second way is to store file∥u# devices Repudiation to device and stability of sensor after encrypting only the symptom; it does not encrypt the (patients’ number identify) and the patients’ information disease name. In the two cases, the strength costs expects stored in the sensor is formulated → (flow description ∥ next; the cost of the first way is 1 − DI/ DI + C ∗ 100 ∗ T, safety symbol). and the second cost will be 1 − C/ DI + C ∗ 100 ∗ T. 4.3.2. Tampering. It contains replay attacks, collision attacks, 4.3. Threats to Model and Solutions and risks from logging. The device data store could be cor- 4.3.1. Repudiation. It contains lower trusted subject update rupted and authenticated dataflow compromised. It is the logs, data logs from an unknown source, insufficient auditing, act of altering the bits. Tampering with a process involves data storage denying a device from potentially writing data, changing bits in the running process. Similarly, tampering and potential data repudiation by a server. Repudiation threats with a dataflow involves changing bits on the wire or between involve an adversary denying that something happened. two running processes. (i) Lower trusted subject update logs: letting everyone (i) Replay attacks: packets or messages without write to your logs can lead to repudiation problems. sequence numbers or time-stamps can be captured and replayed in a wide variety of ways. (ii) Data logs from an unknown source: it involves an adversary denying that something happened. (ii) Collision attacks: attackers who can send a series of packets or messages may be able to overlap data. (iii) Insufficient auditing: you might want to talk to an audit expert as well as a privacy expert about your (iii) Risks from logging: log readers can come under choice data. attack via log files. 6 Journal of Healthcare Engineering that a special key is used which encrypts and decrypts the (iv) Possible corruption of the data storage device: data flowing across generic dataflow may be tampered unique doctor’s ID information. The server in the hospital with by an attacker. or medical center has to control the unique ID information. (v) Authenticated dataflow compromised: an attacker 4.3.5. Information Disclosure. Weak authentication scheme, can read or modify data transmitted over an authen- authorization bypass, weak credential storage, and weak ticated dataflow. access control for a resource belong to information disclo- sure. This happens when it can be read by an unautho- rized party. Solution. To solve existing problem, integration processing has to be set to all medical records in a server and in a device. (i) Weak authentication scheme: custom authentication And only an authorized person can modify or edit the schemes are susceptible to common weakness. medical records. Following their authorization level, the per- (ii) Authorization bypass: it can access a security man- son only can take a look at the record which is on the same ager and bypass the permission for the object. authorization level. (iii) Weak credential storage: credentials held at the 4.3.3. Spoofing. There is a destination data storage security server are often disclosed or tampered with and manager, a source data storage device in spoofing, and it is credentials stored on the client are often stolen. when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, web- (iv) Weak access control for a resource: improper data site, or a network address. protection of patient lists can allow an attacker to read information not intended for disclosure. (i) Destination data storage security manager: the secu- rity manager may be spoofed by an attacker, and this may lead to data being written to the attacker’s target Solution. The medical center has to ask all of the staff to instead of the security manager. follow the center’s security policies by updating authentica- tion policies periodically such as restriction of information (ii) Source data storage device: the patient may be use, deleting, and copying. Next, output control of patients’ spoofed by an attacker, and this may lead to incorrect medical records is needed, keeping the log files when they data delivered to the medical server. access their records. 5. Conclusion Solution. The system has to check if the medical records are right from a patient, a server, and a DRM. Also, although This studied the security level of medical records, which con- the attacker intercepts the data, they cannot read the medical tains patients’ personal information, patient insurance infor- records without a security key by using a security module mation, and patients’ diseases list following the number of such as encryption. disease. Usually, a medical system gets the bioinformation by using sensors for biometrics. An addition to this software 4.3.4. DDoS. It consists of potential excessive resource implementation could change this procedure and its possible consumption for DRM, data storage inaccessibility, and impact to this algorithm. For example, automatic identifica- dataflow—generic dataflow is potentially interrupted and tion and data capture (AIDC) technology, such as sensors resource consumption attacks can be hard to deal with, and for iris, facial, fingerprint, or vocal recognition could allow there are times that it makes sense to let the OS do the job. and record biometric data which are unique to each individ- ual. This reason could enhance the security of algorithm- (i) Potential excessive resource consumption for DRM: denial of service happens when the process or data based strategies. The medical record size from the health care system would be decided by following how many insurances storage is not able to service incoming requests or and how many diseases, and the process time is very sensible perform up to spec. to the record size, because if the size is big, the processing (ii) Data storage inaccessibility: an external agent pre- time would be increased. Then the system surely gets stress. vents access to a data storage on the other side of Therefore, the partial process such as encryption/security the trust boundary. level is a necessity. Security management, as is suggested, consists of u#.profile to involve the patient’s information (iii) Dataflow—generic dataflow is potentially inter- such as name, sex, address, i#.info which is insurance infor- rupted: an external agent interrupts data flowing mation, and d#.info that lists all disease information in a across a trust boundary in either direction. server. In case the patient calls, as soon as the sensor at home detects the patient, it registers the patient information auto- Solution. To solve them, it is necessary to authenticate, which matically from the call to the hospital and shares its informa- is by a new authentication method, not with a simple ID/PW tion with the doctor. Then the security management in method but by ID card, used for legal access by a patient or a the server decides its security level, key, policies of license, responsible doctor. And also, it has to be taken into account and security. With this scenario, all systems would be Journal of Healthcare Engineering 7 control (FDC) of transformers,” in TENCON 2008 - 2008 IEEE used remotely in a network on the cloud. In the suggested Region 10 Conference, pp. 1–5, Hyderabad, India, 2008. system, we have set security functions like an encryption and authentication in the system; however, each step has [10] M. K. Khan and J. Zhang, “An efficient and practical fingerprint-based remote user authentication scheme with threats like our analysis results showed. The patient, medical smart cards,” in Information Security Practice and Experience, clinic, and server can be attacked by an attacker by repudia- pp. 260–268, Springer, Berlin, Heidelberg, 2006. tion, tampering, spoofing, DDoS, information disclosure, [11] R. Amin, S. K. H. Islam, G. P. Biswas, M. K. Khan, and eavesdropping/forgery modulation attack to medical record, N. Kumar, “An efficient and practical smart card based ano- and exposure of personal information by medical informa- nymity preserving user authentication scheme for tmis using tion sharing. To protect against these threats, we define elliptic curve cryptography,” Journal of Medical Systems, the security management with a license policy, security vol. 39, no. 11, p. 180, 2015. policy, and key management with the DRM server and [12] P. Yalla and J.-P. Kaps, “Compact FPGA implementation of DRM agent and we summarized the security strategies. camellia,” in 2009 International Conference on Field Program- We expect these strategies to help when we set the real health mable Logic and Applications, pp. 658–661, Prague, Czech care system on the cloud in the future. Republic, 2009. [13] J.-P. Kaps, “Chai-tea, cryptographic hardware implementa- Conflicts of Interest tions of xTEA,” in Lecture Notes in Computer Science, pp. 363–375, Springer, Berlin, Heidelberg, 2008. The authors declare that they have no conflicts of interest. [14] J.-P. Kaps and B. Sunar, “Energy comparison of aes and sha-1 for ubiquitous computing,” in Lecture Notes in Computer Acknowledgments Science, pp. 372–381, Springer, Berlin, Heidelberg, 2006. This research project was supported by Ministry of Culture, [15] C. Manifavas, G. Hatzivasilis, K. Fysarakis, and K. Rantos, Sports and Tourism (MCST) and Korea Copyright Com- “Lightweight cryptography for embedded systems – a compar- mission in 2016. This research was supported by Basic ative analysis,” in Lecture Notes in Computer Science, pp. 333– 349, Springer, Berlin, Heidelberg, 2014. Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of [16] D. L. Blankenbeckler, D. O. Ybarra, and L. Hesselink, “Digital rights management system and methods for provisioning con- Education (no. 2017R1A6A1A03015496). tent to an intelligent storage,” US Patent 9342701, 2016. [17] H.-M. Chen, J.-W. Lo, and C.-K. Yeh, “An efficient and secure References dynamic id-based authentication scheme for telecare medical [1] D. Gafurov and E. Snekkenes, “Gait recognition using information systems,” Journal of Medical Systems, vol. 36, wearable motion recording sensors,” EURASIP Journal on no. 6, pp. 3907–3915, 2012. Advances in Signal Processing, vol. 2009, 2009. [18] H. Ko, L. Mesicek, J. Choi, J. Choi, and S. Hwang, “A study on [2] R. Lu, X. Lin, and X. Shen, “Spoc: a secure and privacy- secure contents strategies for applications with drm on cloud preserving opportunistic computing framework for mobile- computing,” International Journal of Cloud Applications and healthcare emergency,” IEEE Transactions on Parallel and Computing, vol. 8, no. 1, pp. 143–153, 2018. Distributed Systems, vol. 24, no. 3, pp. 614–624, 2013. [19] C. Ramos, D. Martinho, G. Marreiros et al., “Ekrucami archi- [3] S. K. H. Islam, “Design and analysis of an improved smartcard- tecture–applications in healthcare domain,” Frontiers in Artifi- based remote user password authentication scheme,” Interna- cial Intelligence and Applications, vol. 298, pp. 140–152, 2017. tional Journal of Communication Systems, vol. 29, no. 11, pp. 1708–1719, 2016. [4] D. Cho, S. Hwang, G. Jeong, and H. Lim, “A digital media service system supporting multi-drm in the cloud,” Journal of Korea Multimedia Society, vol. 19, no. 4, pp. 765–773, 2016. [5] S. A. Chaudhry, K. Mahmood, H. Naqvi, and M. K. Khan, “An improved and secure biometric authentication scheme for telecare medicine information systems based on elliptic curve cryptography,” Journal of Medical Systems, vol. 39, no. 11, p. 175, 2015. [6] Z. Zhu, “An efficient authentication scheme for telecare medi- cine information systems,” Journal of Medical Systems, vol. 36, no. 6, pp. 3833–3838, 2012. [7] H. Ko and M. B. Song, “A study on the secure user profiling structure and procedure for home healthcare systems,” Journal of Medical Systems, vol. 40, no. 1, p. 1, 2016. [8] J. Sun and C. K. Reddy, “Big data analytics for healthcare,” in Proceedings of the 19th ACM SIGKDD international conference on Knowledge discovery and data mining - KDD '13, pp. 1525– 1525, Chicago, Illinois, USA, 2013. [9] M. B. Jain, M. Srinivas, and A. Jain, “A novel web based expert system architecture for on-line and off-line fault diagnosis and International Journal of Advances in Rotating Machinery Multimedia Journal of The Scientific Journal of Engineering World Journal Sensors Hindawi Hindawi Publishing Corporation Hindawi Hindawi Hindawi Hindawi www.hindawi.com Volume 2018 http://www www.hindawi.com .hindawi.com V Volume 2018 olume 2013 www.hindawi.com Volume 2018 www.hindawi.com Volume 2018 www.hindawi.com Volume 2018 Journal of Control Science and Engineering Advances in Civil Engineering Hindawi Hindawi www.hindawi.com Volume 2018 www.hindawi.com Volume 2018 Submit your manuscripts at www.hindawi.com Journal of Journal of Electrical and Computer Robotics Engineering Hindawi Hindawi www.hindawi.com Volume 2018 www.hindawi.com Volume 2018 VLSI Design Advances in OptoElectronics International Journal of Modelling & Aerospace International Journal of Simulation Navigation and in Engineering Engineering Observation Hindawi Hindawi Hindawi Hindawi Volume 2018 Volume 2018 Hindawi www.hindawi.com Volume 2018 www.hindawi.com Volume 2018 www.hindawi.com www.hindawi.com www.hindawi.com Volume 2018 International Journal of Active and Passive International Journal of Antennas and Advances in Chemical Engineering Propagation Electronic Components Shock and Vibration Acoustics and Vibration Hindawi Hindawi Hindawi Hindawi Hindawi www.hindawi.com Volume 2018 www.hindawi.com Volume 2018 www.hindawi.com Volume 2018 www.hindawi.com Volume 2018 www.hindawi.com Volume 2018

Journal

Journal of Healthcare EngineeringHindawi Publishing Corporation

Published: Mar 29, 2018

There are no references for this article.