Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                

Paper 13

Download as pdf or txt
Download as pdf or txt
You are on page 1of 13

See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/340926266

A Secured Cloud-Based Electronic-Health Record System using Fingerprint


Biometric and Attribute-Based Encryption Afr

Article · January 2015

CITATIONS READS

2 1,523

1 author:

Aderonke Ikuomola
Olusegun Agagu University of Science and Technology
31 PUBLICATIONS 83 CITATIONS

SEE PROFILE

All content following this page was uploaded by Aderonke Ikuomola on 25 April 2020.

The user has requested enhancement of the downloaded file.


1
Vol 8. No. 2 Issue 2 – August, 2015 5
African Journal of Computing & ICT

© 2015 Afr J Comp & ICT – All Rights Reserved - ISSN 2006-1781
www.ajocict.net

A Secured Cloud-Based Electronic-Health Record System using Fingerprint


Biometric and Attribute-Based Encryption
A.J. Ikuomola
Department of Mathematical Sciences,
Ondo State University of Science and Technology
Okitipupa, Nigeria
deronikng@yahoo.com

ABSTRACT

The common access control method for candidates into examination halls in higher institutions is the paper based examination
The electronic health record is a systematic way of arranging, organizing, indexing and managing medical records in advanced
system storage. Present e-health records are not effective because health record are kept locally on personal computers in
different hospitals, as a result of this, there are recurrence and redundancy of patient’s e-health record, hence, the issues of
patient’s confidentiality and privacy become jeopardize. In this work, a secured cloud-based e-health record system using
fingerprint biometric and attributes encryption is design. The system (FINABE eHealth Record) comprises of five modules
namely; arrival of patient, fingerprint capture, enrolment/verification, hospital and cloud which is made up of the authentication
server, database and middleware. The system was implemented using Microsoft Visual Studio C# with SQL Server database, and
was tested using electronic fingerprint scanner which was interfaced to the digital computer system for verifying patient identity.
The performance of FINABE eHealth Record shows that it provides an efficient technique for solving the issues of privacy and
security of EHR system in the cloud.

Keyboards: Biometric, Cloud-computing, E-health record, Encryption.

African Journal of Computing & ICT Reference Format:


A.J. Ikuomola (2015): A Secured Cloud-Based Electronic-Health Record System using Fingerprint Biometric and Attribute-Based Encryption
Afr J. of Comp & ICTs. Vol 8, No. 2, Issue 2. Pp 153-164.

1. INTRODUCTION

Healthcare is an area of concern to all population, in the same Cloud computing servers provides promising platform for
vain medical record needs to be made accessible as required storage and processing of healthcare data. While such cloud-
by the consent user and authorized healthcare personnel [2]. In based e-health record systems promise a more cost-efficient
the past, healthcare providers (such as the family doctor) service and improved service quality, the complexity to
stored medical records of their patients on paper locally hence, manage data security and privacy increases [9], providing
keeping the paper records in a locked cabin is the doctor's complete health history, avoiding repeated tests, and allowing
practice. Even the increasing use of personal computers and appropriate authorities to have ready access to Personal Health
modern information technology in medical institutions Records anytime anywhere [6]. However, access to patient
allowed for a moderate effort to manage privacy and information must be done discreetly and must comply with
confidentiality of individual medical records [9]. However, some corporate policies, for example; granting full access to
patients sometimes may need to get services from different any health professional is simply not the best but instead, a
healthcare centers for various reasons, such as, need to visit limited and/or partial access should be granted. This can be
specialized care at specialized centers, travelling away from done by granting proper access to a patient’s EHR remotely
usual residential area, and moving residence. As such, the with the use of attribute based encryption and biometric
stored health information in a healthcare center is usually identification system. In order to achieve fine grained data
accessible only to healthcare personnel of that center. For access control for health records stored in the cloud, attribute
example, a patient having health records in three different based encryption (ABE) techniques is used to encrypt each
hospitals (A, B and C). Doctors of hospital A cannot access patient’s health record file in the cloud, while the fingerprint
the patient’s health records that are stored in two other biometric is used to supplement attribute based key thereby
hospitals B and C. As consequence, patients often need to imparting additional level of security.
retell their medical history and redo tests whenever they
encounter a new health care provider [6].

153
1
Vol 8. No. 2 Issue 2 – August, 2015 5
African Journal of Computing & ICT

© 2015 Afr J Comp & ICT – All Rights Reserved - ISSN 2006-1781
www.ajocict.net

2. LITERATURE REVIEW system architecture. First, the biometric terminal user collects
the patients fingerprint image which is send as a SQL query to
[8] proposed a biometric authentication system that uses the the central database through the biometric terminal’s mobile
voice and signature modalities. These modalities are broadband connection for matching. After this process, the
unobtrusive and emulate the current, already well accepted result is either the set of privacy preserved values from a
system whereby a patient authenticates herself when seeking record or a not found message. The authors failed to present
treatment or visiting a doctor’s office for consultation. This their work on a cloud based system but rather on a SQL
technique is non-invasive to the user and flexible in the sense database system and this model does not provide a flexible
that it can be changed by the user, yet the error rates can be mechanism to change the privacy policies as all patients are
very high due to inconsistencies in one’s signature. The enforced to comply with the same policy.
authors approach did not consider patients during emergency [7] proposed a unique authentication and encryption technique
situations that are unable to speak or in an unconscious state using Attribute-based Encryption System algorithm in
and also the use of voice authentication excludes the deaf- securing personal health records (PHR) in the cloud. The PHR
mute patients. owner herself will decide on how to encrypt her file and which
set of users are allowed to access each file. Access control and
[4] proposed “Patient Controlled Encryption: Ensuring privacy guarantee could be a major problem issues in the
Privacy of Electronic Medical Records” which is refer to as design.
Patient Controlled Encryption (PCE) as a solution to secure [12] proposed the security of PHR in cloud computing by
and private storage of patients’ medical records which allows using several attribute-based encryption techniques. In this
the patient to selectively share records among doctors and system, the users are classified into two security domains
healthcare providers. The system prevents unauthorized access called Personal Security Domain and Public Security Domain.
to patients' medical data by data storage providers, healthcare The users like family members, friends are included in the
providers, pharmaceutical companies, insurance companies, or personal domain and the users from the health care
others who have not been given the appropriate decryption organization and insurance field are considering as the data
keys. The author approach doesn’t provide an efficient users from the public domain. For the two different set of user
scenario for emergency access, potential key management domain the variations of attribute-based encryption are used.
overhead and no support for a key escrow agent in For the personal security domain, the revocable key-policy
emergencies. attribute-based encryption scheme is used. For the public
security domain, the multiple-authority attribute scheme is
[11], presented a cloud based rural healthcare information proposed. In the PUD the system will define some role-
system model. The requirement of the Cloud based attributes also.
information system is to create secure, state-of-art facility to [3] proposed the architecture of a cloud-based healthcare
store the data/information available in different healthcare application which intend to serve patients in emergency
centers and to provide access to users in a secured manner, as conditions. In their design a centralized cloud database would
per their roles and privileges. It can also be used to share hold individual’s medical history in a single summarized
information seamlessly and in near-real-time across devices document. In case of any accident or emergency situation, the
and other organizations. patient’s previous medical history can be retrieved from the
cloud database before starting any crucial operation. This
[10] proposed a secured Health cloud architecture for patient’s system can also be integrated with state owned unique
health data collection. Their work is based on Wireless Sensor identification number systems.
Network (WSN) integrated with Cloud computing technology. [1] proposed an enterprise cloud-based electronic health
They proposed to have Cypher-text Policy-ABE within their records system for recording, retrieving, archiving and
cloud infrastructure to guarantee data security, privacy and updating of patients and other medical records. The Cloud
fine grained access control of data. The gave constraint on database acts as the unified data bank for all the collaborating
attributes of different types of patients to reduce unnecessary hospitals, the middleware provides a common platform for all
data storage. Thus, the approach used makes the whole data the EHR systems between remote hospitals while an
collection and management technique unique. authentication server grants access to authorized users and
[5] proposed two hardware components, two software denies unauthorized users access to records or resources on the
components, and a set of privacy-preservation policies in their system.

154
1
Vol 8. No. 2 Issue 2 – August, 2015 5
African Journal of Computing & ICT

© 2015 Afr J Comp & ICT – All Rights Reserved - ISSN 2006-1781
www.ajocict.net

3. ARCHITECTURE OF A SECURED CLOUD-BASED ELECTRONIC-HEALTH RECORDS SYSTEM USING


FINGERPRINT BIOMETRIC AND ATTRIBUTE-BASED ENCRYPTION.
The architecture of a secure cloud-based electronic-health records system using fingerprint biometric and attribute-based
encryption (FINABE) is presented in figure 1 below:

Figure 1: Architecture design of a Cloud-Based Electronic Health Record System.

(a) Arrival of Patient: Thus, the hardware and system software component in the
This is the arrival of the patient at the Healthcare Centre either cloud are the authentication server, EHR database and the
at emergency or non-emergency. middleware which include the network and the interface.
However, EHR are encrypted at the registration post before it
(b) Fingerprint / Pin: is sent to the public cloud and decrypted with keys for
The patient present it’s mean of authentication which can updating, editing and monitor the improvement of the patient’s
either be patient’s fingerprint or user password/pin before illness at different hospital and later stored in the cloud-based
him/her can be attended to. system.

(c) Enrollment / Verification: (i) Middleware:


At the healthcare attendant unit, the patient is asked to enroll This part of the cloud provides a common platform for all the
or verified his identity. If the patient has earlier enrolled his EHR systems of the sharing hospitals. It has an interface that
bio-data, then the health record would be verified in the cloud- masks the heterogeneity of all collaborating hospitals EHR
based authentication server. Otherwise, the patient enrolls his standards, to facilitate the communication transactions
or her biometric bio-data. The bio-data document generated is between the central database and hospitals’ systems. It
encrypted before it is send to the cloud. recognizes any type of EHR standard it communicates with.
This middleware remains in the cloud and communicates with
(d) Cloud: the sharing hospitals via network connections. In this regard,
Cloud computing presented in the architecture is an efficient each hospital does not need to have its own separate mask
component by which patient and health workers can access, interface in order to benefit from the cloud; just an interface is
store and retrieve electronic health data in the cloud at any enough to handle the job.
license Health Centre and at any time through the use of
internet facilities. The cloud offer pay-as-you-go service
because internal datacenters and application are delivered as a
service over the internet to the public used making it a public
cloud.

155
1
Vol 8. No. 2 Issue 2 – August, 2015 5
African Journal of Computing & ICT

© 2015 Afr J Comp & ICT – All Rights Reserved - ISSN 2006-1781
www.ajocict.net

(ii) Authentication Server: From the architecture, there is an interaction between the
This is the part of the system that handles authentication and middleware and the CDB in the cloud and this is because
authorization. It verifies if an entity using the system has the application users from different hospital access a centralized
right to perform the intended action such as (updating, database through a computer network which is able to give
retrieving, transferring, etc.) on the health information them access to the central CPU. Whereby, all of the
provided. The authentication server grants access to information stored on the centralized database is accessible
authorized users and denies unauthorized users access to from a large number of different points.
records or resources on the system.
This is achieved through the generation of usernames and (d) Hospital (Health Care Centre)
passwords for doctors (or other members of staff) of the The various healthcare centers retrieve the patient’s medical
sharing hospitals who will serve as part of the admin. Any records history from the cloud using the Infrastructure as a
member of the admin is expected to log in to the system with Service (IaaS) and Software as a Service (SaaS) in the order of
their username and password. The system compares the pay-as-go manner to the public. The connectivity technology
username and password with those in the local database and used to connect to the cloud can be wired or wireless
grants access to the user if they match, otherwise, the user is technology such as 3G/4G, WIFI etc. and the devices used are
denied access. i-pad, laptop, personal computer etc. It is only a licensed and
authorized hospital or clinics that have the right to retrieve a
(iii) Centralize Database patient’s medical record history and updated the summarized
The centralized database sometimes called CDB is a database record back to the centralized database in the cloud. Hence,
that is located, stored and maintained in a single location. The the data is encrypted before it is stored in the cloud for
CDB is located in the cloud presented in the architecture security purpose.
usually a central computer or a database system.

4. IMPLEMENTATION

FINABE was implemented with Visual C# and MySQL database. The end user interface is a graphical representation of the
design as shown in figure 2 below. The home window has four (4) menu namely; Administrator, Patient, About and Feedback
Sessions.

Figure 2: The About Graphical User Interface

In figure 3, the Admin will need to login a registered username and a password before given authorization. By access control
only an administer doctor on duty can use the administrator session. Hence, not all doctors on duties can access the admin
session.

156
1
Vol 8. No. 2 Issue 2 – August, 2015 5
African Journal of Computing & ICT

© 2015 Afr J Comp & ICT – All Rights Reserved - ISSN 2006-1781
www.ajocict.net

Figure 3: The Administrator Login Session

At the click of login in figure 3 above, the next windows form in figure 4 is shown, provided the admin username and password
are correct else the admin login stage remains the same. The form is used to register hospital and staff and save the information in
the database.

Figure 4: The Administrator Session

At the click of patient’s button in figure 2 on the home windows screen, figure 5 appears. Only a registered patient’s fingerprint
can be used to authenticate or access the patient’s e-health record as described below.

157
1
Vol 8. No. 2 Issue 2 – August, 2015 5
African Journal of Computing & ICT

© 2015 Afr J Comp & ICT – All Rights Reserved - ISSN 2006-1781
www.ajocict.net

Figure 5: Enrollment and Verification interface.

To enrol a new patient fingerprint, click on fingerprint enrolment, the fingerprint enrolment dialog box appears as shown below
in figure 6 below.

Figure 6: Ten fingers for enrolment.

On the right “hand,” click the index finger. A second fingerprint enrolment dialog box will appear as shown in figure 7 below.
The fingerprint reader is then used to scan your right index fingerprint and the process is repeated four (4) times until the Success
message appears.

158
1
Vol 8. No. 2 Issue 2 – August, 2015 5
African Journal of Computing & ICT

© 2015 Afr J Comp & ICT – All Rights Reserved - ISSN 2006-1781
www.ajocict.net

Figure 7: Success Massage after enrolling the right index fingerprint

In the message box, click OK. The Enrolment was successful message appears as shown in figure 8, and then Click OK to finish
the patient enrolment process. Thus, the process can be repeated for the ten (10) fingerprint index

Figure 8: Message box for successful enrolment

The fingerprint template of the patient is now loaded to be saved, read or verify as shown in figure 9. However, to verify the
patient identity a fingerprint reader is required.

159
1
Vol 8. No. 2 Issue 2 – August, 2015 6
African Journal of Computing & ICT

© 2015 Afr J Comp & ICT – All Rights Reserved - ISSN 2006-1781
www.ajocict.net

Figure 9: Patient’s fingerprint template for verification.

To verify patient fingerprint: Click on Fingerprint Verification, then the Verify Your Identify dialog box will appear as shown
below in figure 10.

Figure 10: Patient’s Identity Verification

Using the fingerprint reader to verify unregistered patient, hence, if a patient has not earlier registered or enrolled the retry
message appears which indicates that the patient’s fingerprint was not verified due to false accept rate (FAR) or false reject rate
(FRR).

160
1
Vol 8. No. 2 Issue 2 – August, 2015 6
African Journal of Computing & ICT

© 2015 Afr J Comp & ICT – All Rights Reserved - ISSN 2006-1781
www.ajocict.net

Figure 11: Retry Message after a fail verification.

The fingerprint verification process uses the fingerprint reader to compare the patient’s fingerprint data to the fingerprint template
produced at enrolment. As shown in figure 12, a success massage appears if the two fingerprint matches.

Figure 12: Success message after a match

At the click of OK button in the success dialog box, figure 13, 14 and 15 appears, which display the patient’s e-health record and
it is divided into Patient Bio-data, Patient Record and Medical History using Tab Control Tools. The patient e-health record form
can be edited, printed, upgraded and saved in a secured database system. The home button can be used to log out the patient’s e-
health record.

161
1
Vol 8. No. 2 Issue 2 – August, 2015 6
African Journal of Computing & ICT

© 2015 Afr J Comp & ICT – All Rights Reserved - ISSN 2006-1781
www.ajocict.net

Figure 13: The Patient Bio-Data.

Figure 14: The Patient Record.

162
1
Vol 8. No. 2 Issue 2 – August, 2015 6
African Journal of Computing & ICT

© 2015 Afr J Comp & ICT – All Rights Reserved - ISSN 2006-1781
www.ajocict.net

Figure 15: The Patient Medical History

5. CONCLUSION

In this work, a secured cloud-based electronic health record system using fingerprint biometric and attribute-based encryption has
been designed and implemented. The user, such as a doctor or any other authorized individual is provided with a medical record
management system that can be used to record, retrieve and manage the medical records of patients in a hospital and at the same
time, share these records with other hospitals or clinics. Access to the e-health record is been controlled by the patient’s
fingerprint data presented at the point of enrollment/verification and attribute-based encryption technique was integrated to
provide additional level of security These records can be shared for medical purposes between sharing hospitals thereby
facilitating quick and smooth delivery of healthcare services to patients in emergency situations or those who cannot cope with
the rigor of moving about with their medical records. It also provides a databank for hospitals to keep an up-to-date medical
history of all their patients.

In future, it might also be necessary to hybridized biometric features for better performance.

163
1
Vol 8. No. 2 Issue 2 – August, 2015 6
African Journal of Computing & ICT

© 2015 Afr J Comp & ICT – All Rights Reserved - ISSN 2006-1781
www.ajocict.net

REFERENCE

[1] Abayomi-Alli A., Ikuomola A.J., Robert I.F. and Olusola [11] Padhy R.P., Patra M.R. and Satapathy S.C., (2012),
O., (2014), “An Enterprise Cloud-Based Electronic “Design and Implementation of a Cloud based Rural
Health Records System,” American Research Institute Healthcare Information System Model” UNIASCIT, 2
for Policy Development, Journal of Computer Science (1), 149-157.
and Information Technology, 2(2), 21-36. [12] Xavier N. and Chandrasekar V., (2013) “Security of PHR
[2] Adebayo K. J. and Ofoegbu E. O. (2014). Issues on E- in Cloud Computing by Using Several Attribute Based
health Adoption in Nigeria. I. J. Modern Education and Encryption Techniques,” International Journal of
Computer Science, 2014, 9, 36 - 46. Communication and Computer Technologies, 01(72).
[3] Banerjee A., Agrawal P. and Rajkumar R., (2013),
”Design of a Cloud Based Emergency Healthcare
Service Model,” Research India Publications,
International Journal of Applied Engineering Research,
8(19).
[4] Benaloh J., Chase M., Horvitz E. and Lauter K., (2009),
“Patient controlled encryption: ensuring privacy of
electronic medical records,” in CCSW 09, 103 – 114.
[5] Diaz-Palacios J.R., Romo-Aledo V.J. and Chinaei A.H.,
(2013), “Biometric Access Control for e-Health Records
in Pre-hospital Care,” EDBT/ICDT '13, 18 – 22.
[6] Huda M.D.N., Sonehara N. and Yamada S. (2009). “A
Privacy Management Architecture for Patient-
Controlled Personal Health Record System, “Journal of
Engineering Science and Technology, 4(2), 154 – 170.
[7] Korde P., Panwar V. and Kalse S., (2013), “Securing
Personal Health Records in Cloud using Attribute Based
Encryption”, International Journal of Engineering and
Advanced Technology (IJEAT), 2(4)
[8] Krawczyk S. and Jain A.K., (2005) “Securing Electronic
Medical Records using Biometric Authentication,”
Michigan State University, East Lansing MI 48823,
USA,
[9] Lohr H., Sadeghi A. and Winandy M. (2010). Securing
the E-Health Cloud. Proceeding of the 1st ACM
International Health Information Symposium.
[10] Md. Fakhrul A.O., Sabir S., Al-Musawi S. and Anam K.
and Rashid N., (2012), “A Secured Cloud based Health
Care Data Management System,” International Journal
of Computer Applications, 49(12), 0975 – 8887.

164

View publication stats

You might also like