A New Security Model using Multilayer Approach for E-Health Services

Problem statement: Delivering services online is important in e-health. Services delivered through online communications between engaging parties often involve sensitive information transmitted over the Internet. However, while the Internet successfully facilitates these services, it also brings significant threats. Network attacks, information breaches and malicious software on a computer system are common threats on the Internet. These threats can cause severe damage to computer systems and to the information they hold. In studying current security technologies, particularly those that provide security to online communications, we found that these technologies do not cater for different kinds of security needs because of the rigid way their security mechanisms are constructed. Therefore, we are interested in developing a security model that facilitates these needs, specifically in e-health.

Approach: First, areas where different security requirements are needed are explored, such as the information classification found in ISO 17799. This classification is based on the sensitivity level of the information, where more sensitive information requires higher security measures than less sensitive information. Then, the information classification is applied to the e-health environment, so that our security model can handle the security processes for each classification.

Results: The multilayer communication approach, or MLC, is the proposed security model. MLC classifies communications in e-health into five categories, Layer 1 to Layer 5, representing extremely sensitive, highly sensitive, medium sensitive, low sensitive and non-sensitive data. This classification reflects the differing sensitivity of the information exchanged during communications. For example, Extremely Sensitive communication involves exchanging extremely sensitive information, which requires the highest security mechanisms, while Low Sensitive communication requires lower security mechanisms.

Conclusion: MLC provides for five different types of security needs, so users can flexibly choose their own security preferences for their online communications, a flexibility that current technologies lack.
