
International Seminar on Intelligent Technology and Its Application

Implementation of RSA 2048-bit and AES 256-bit with Digital Signature for Secure Electronic Health Record Application
Mohamad Ali Sadikin
Faculty of Engineering
National Crypto Institute
Bogor, Indonesia
mohamadalisadikin@gmail.com

Rini Wisnu Wardhani, MT.
National Crypto Institute
Bogor, Indonesia
rini.wisnu@stsn-nci.ac.id

Abstract—This research addresses the implementation of encryption and digital signature techniques for electronic health records to prevent cybercrime problems such as robbery, modification and unauthorized access. In this research, the RSA 2048-bit algorithm, AES 256-bit and SHA 256 will be implemented in Java programming. The Secure Electronic Health Record Information (SEHR) application design is intended to combine given services such as confidentiality, integrity, authentication and non-repudiation. Cryptography is used to ensure the file records and electronic documents for detailed information on the medical past, present and future forecasts that have been given only for the patients. The document will be encrypted using an encryption algorithm based on NIST Standard. In the application there are two schemes, namely the protection and verification scheme. This research uses black-box testing and white-box testing to test the software input, output and code without testing the process and design that occurs in the system. We demonstrated the implementation of cryptography in Secure Electronic Health Record Information (SEHR). The implementation of encryption and digital signature in this research can prevent archive thievery, which is shown on implementation and is proven on the test.

Keywords: Electronic Medical Record, Digital Signature, Cryptography on Java Programming

I. INTRODUCTION

Medical records based on paper still have some flaws and problems. Those problems range from physical security and the storage area they require to difficulty in transferring or communicating the information, and paper is easily damaged and destroyed. If the storage process is not carried out properly, it will complicate the search process (information retrieval). In addition to the many possible disasters, Health Record Information is personal data about someone and about human life. For that, we need a solution to resolve the issue.

The process of manually organizing and managing records on paper media has a few shortcomings in the aspects of information security, namely confidentiality, data integrity, availability, non-repudiation, and authentication [13]. Electronic health records (EHR) have great benefits for health services such as primary and referral service facilities (hospitals).

Perceived benefits are increasing availability of electronic patient records in hospitals, improving the efficiency of the health care retrieval process [1], facilitating retrieval of patient information [2], easy access to patient information that ultimately helps in clinical decision-making, reducing operational impact cost and improving earnings in health care facilities, especially for hospitals [4].

An EHR should only be accessed and shared by authorized health care providers such as doctors, nurses and lab technicians, because its function is to record critical information for every patient. That critical information supports, for example, establishing a diagnosis and therapy and avoiding allergic reactions and drug duplication [6]. This is consistent with ethical considerations in the application of information technology, where all health care providers have a moral code that needs to balance patient privacy with care needs, including access to records of patients [7].

A recent paper proposed that PKI (Public Key Infrastructure), a symmetric key and a login password for authentication are used for the security of the EHR [20]. Based on the ISO/TS 18308 [19] standard, the primary purpose of the EHR is to provide a documented record of care which supports both present and future care received by the patient from the same or other clinicians or care providers. This documentation provides a means of communication among clinicians contributing to the patient’s care.

In this paper, the EHR was designed and built using digital signature and file encryption. Digital signature and file encryption are used not only to solve confidentiality, data integrity, availability, non-repudiation, and authentication problems but also to prevent robbery, modification and unauthorized access. Secure Electronic Health Record Information (SEHR) is a secure electronic health record which uses the RSA 2048 bit [16], AES 256 bit [15] and SHA 256-bit algorithms, implemented in Java programming. The cryptography aspect is expected to ensure the file records and electronic documents on the patient’s identity, examination, treatment, action and service given, and the authorized person.

© IEEE
II. FUNDAMENTAL THEORY

A. Electronic Health Record

Electronic Health Record (EHR) is a comprehensive electronic record of a patient's health information which integrates multiple health information databases. Information provided includes patient demographics, progress notes, problems, medications, vital signs, past medical history, immunizations, laboratory data and radiology reports [8].

The electronic health record includes all information contained in a traditional health record including a patient’s health profile, behavioral and environmental information. The EHR also includes the dimension of time, which allows inclusion of information across multiple episodes and providers, which will ultimately evolve into a lifetime record [5]. The EHR defined here contains all personal health information belonging to an individual; is entered and accessed electronically by healthcare providers over the patient’s lifetime; and extends beyond acute inpatient situations, including all ambulatory care settings at which the patient receives care [9].

Based on the Regulation of the Minister of Health about the filling of medical records, it is stated that legal sanction can be given to the hospital or health workers who are negligent and make mistakes in filling in the pages of medical records [14].

B. Digital Signature

Cryptography focuses on the issue of maintaining the confidentiality of information by using methods and mathematical techniques that include confidentiality, data integrity, entity authentication, and data origin authentication [10].

The RSA Algorithm (Rivest, Shamir, Adleman) is an asymmetric cryptographic algorithm invented by Rivest, A. Shamir, and L. Adleman in 1997 [10]. In this research, the RSA algorithm is applied as a digital signature scheme. The RSA algorithm is used due to its fast computation compared to ECDSA and DSA [17].

Fig. 1. Digital Signature Scheme [18]

In the process of signature generation and verification, entity A signs message m ∈ . Entity B can verify A's signature and recover message m from the signature.

1) Key generation in RSA Digital Signature
• Determine randomly two large prime numbers p and q.
• Compute and .
• Choose a random integer e, , so that .
• Use Extended Euclidean Algorithm to compute d where , so that .
• Public key : ; private key :

2) Signing
• Compute , an integer in range
• Compute
• A’s Digital Signature for :

3) Verification
• Getting A’s public key:
• Compute

Verification of s and s′: if the value of s = s′ then the digital signature is authentic.

C. Advanced Encryption Standard (AES)

AES is a block cipher algorithm which is intended to replace the DES algorithm as a standard recognized for some applications [11]. AES is also a standard algorithm for data encryption and decryption (Eric Conrad, Advanced Encryption Standard). In this research AES is used because of its advantages in securing documents and because it is proven to be safe based on NIST Standard [15]. The AES algorithm outline is as follows:

Fig. 2. Encryption Process Diagram [12]

For the decryption process, the inverse process is used at the transformation stage. The process starts from InvSubBytes, InvShiftRows, and ends in InvMixColumns. Because of this, the S-boxes for encryption and decryption are different. In the decryption process, the S-box used is the inverse S-box.

D. Secure Hash Algorithm 256 bit (SHA)

SHA-256 is used to generate hash value from the message , with length bit, where . This algorithm uses:



1) A message schedule of 64 32-bit words. The words of the message schedule are labeled as .
2) Eight 32-bit variables, labeled as and .
3) A hash value of eight 32-bit words, labeled as .

Preprocessing consists of three steps, namely message padding, splitting up the message into message blocks, and setting the initialization hash value . Then proceed to the SHA-256 computing process.

III. SECURE ELECTRONIC HEALTH RECORD APPLICATION

A. General Description of the Application

The Secure Electronic Health Record application is an application that applies the concept of digital signatures using the RSA algorithm and SHA-256, while for the encryption process, the AES-256 block cipher algorithm is used.

The application will be implemented in the Java programming language and guarantees integrity, confidentiality, authentication and non-repudiation. The Java language is used because it is more mobile, multi-platform, object oriented, portable, and open source. The application has two schemes, which are the protection scheme and the verification scheme. It is assumed that the protection and verification processes are contained in one application. The protection step is on the tab SIGN & ENCRYPT while the verification process is on the VERIFICATION tab.

1) Signing and Encryption scheme: In the protection scheme, there are two processes running, the securing process (encryption) and the authenticating process (signing). The generation of the private key and public key is done before the encryption and signing processes are executed. The scheme of securing and authenticating documents is done in a simple manner as shown in Fig. 3.

Fig. 3. Encryption and Signing Scheme

2) Verification Scheme: The verification process is done by reversing the signing process. The file is first decrypted using the key that was used previously in the encryption process. After this process, the file is hashed and then the digital signature calculation is performed using the public key that was generated and stored in the protection stage. The verification process is the process of calculating the digital signature value of the hashed document using the public key. If the values match, it will display a notification that the document is successfully decrypted and proven to be authentic. If they do not match, the notification will show that the document is not authentic or has been changed.

Fig. 4. Verification Scheme

B. Implementation of Secure Electronic Health Record Application (SEHR)

The implementation of digital signature and file encryption consists of steps carried out using the SEHR application. The steps in the implementation of the SEHR application are as follows:

1) Login process: When the user runs the application, a Welcome message will appear to start the login process. The user needs to fill in the USERNAME and PASSWORD fields. By pressing the LOGIN button, the login process will be executed. The application will verify the username and password submitted by the user. If the password is correct, the application main view will be displayed. However, if the username, password, or both are incorrect, then a notification appears and the user cannot access the next application process. Following is a snippet from the source code of Class login ():

    String UserName = jTextField1.getText();
    String Password = jPasswordField1.getText();
    // The submitted values are compared with a username and password hard-coded in the class
    if (UserName.equals("dikin") && (Password.equals("123456"))) {
        JOptionPane.showMessageDialog(null,
                "LOGIN SUCCESS" + "\n WELCOME TO Electronic Medical Record Application"
                + "\n Application by: MOHAMAD ALI SADIKIN"
                + "\n SEKOLAH TINGGI SANDI NEGARA" + "\n 1413101075",
                "file", JOptionPane.INFORMATION_MESSAGE);
        dispose();
        new latjab().setVisible(true);   // open the main application view
    } else {
        JOptionPane.showMessageDialog(null,
                "WHO ARE YOU ?? I DON’T KNOW YOU ( -_-')",
                "ERROR !!", JOptionPane.ERROR_MESSAGE);
    }
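
A hardened counterpart to the hard-coded comparison in the login snippet, given as an added example that is not part of the SEHR source code: each password is kept only as a salted PBKDF2 hash and checked with a constant-time comparison. The class name `LoginCheck`, the iteration count and the sample account are assumptions made for this illustration.

```java
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

/** Added illustration: salted PBKDF2 password check (hypothetical class, not SEHR code). */
public class LoginCheck {
    private static final int ITERATIONS = 210_000;   // assumption: work factor picked for this example
    private static final int KEY_BITS = 256;
    private static final SecureRandom RNG = new SecureRandom();

    /** Record kept per user in place of the clear-text password. */
    static final class Credential {
        final byte[] salt, hash;
        Credential(byte[] salt, byte[] hash) { this.salt = salt; this.hash = hash; }
    }

    private final Map<String, Credential> users = new HashMap<>();
    // Dummy record, so an unknown username costs the same work as a known one
    private final Credential dummy;

    public LoginCheck() throws GeneralSecurityException {
        dummy = derive("unused".toCharArray());
    }

    private static byte[] pbkdf2(char[] password, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();   // wipe the copy held by the key spec
        }
    }

    private static Credential derive(char[] password) throws GeneralSecurityException {
        byte[] salt = new byte[16];
        RNG.nextBytes(salt);        // fresh random salt per user
        return new Credential(salt, pbkdf2(password, salt));
    }

    public void register(String user, char[] password) throws GeneralSecurityException {
        users.put(user, derive(password));
        Arrays.fill(password, '\0');
    }

    public boolean verify(String user, char[] password) throws GeneralSecurityException {
        Credential c = users.getOrDefault(user, dummy);
        byte[] candidate = pbkdf2(password, c.salt);
        Arrays.fill(password, '\0');
        // MessageDigest.isEqual compares the two hashes in constant time
        boolean match = MessageDigest.isEqual(candidate, c.hash);
        return match && users.containsKey(user);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        LoginCheck login = new LoginCheck();
        // Constructed sample account, for illustration only
        login.register("nurse01", "constructed-sample-passphrase".toCharArray());
        System.out.println("correct password: " + login.verify("nurse01", "constructed-sample-passphrase".toCharArray()));
        System.out.println("wrong password:   " + login.verify("nurse01", "123456".toCharArray()));
        System.out.println("unknown user:     " + login.verify("unknown", "123456".toCharArray()));
    }
}
```

In a Swing form the `char[]` passed to `verify` would come from `JPasswordField.getPassword()`, which avoids holding the password in an immutable `String`.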

Fig. 5. Login System

2) Generate RSA Key: The user generates the key by pressing the Generate RSA KEY button. In the application, secure random is used to generate the RSA private key and public key parameters. Furthermore, by pressing the SAVE button, the private key and public key will be stored in a file with extension *.txt and a notification that the private key and public key have been successfully generated and stored is displayed. Following is a snippet from the source code of Class RSA and the view of the application when the RSA key is generated.

    import java.math.BigInteger;
    import java.security.SecureRandom;

    public class RSA {
        private BigInteger p;
        private BigInteger q;
        private BigInteger N;
        private BigInteger phi;
        private BigInteger e;
        private BigInteger d;
        private int bitlength = 1024;   // bit length of each prime p and q
        private int blocksize = 256;    // blocksize in byte
        private SecureRandom r;
        BigInteger pesan;
        String Privat;
        String Public;
        String g;
        BigInteger s, v;
        String y;

        public RSA() {
            r = new SecureRandom();
            p = BigInteger.probablePrime(bitlength, r);
            q = BigInteger.probablePrime(bitlength, r);
            N = p.multiply(q);
            byte[] byt = p.toByteArray();
            phi = p.subtract(BigInteger.ONE).multiply(q.subtract(BigInteger.ONE));
            e = BigInteger.probablePrime(bitlength / 2, r);
            // BigInteger is immutable, so the incremented value is assigned back to e
            while (phi.gcd(e).compareTo(BigInteger.ONE) > 0 && e.compareTo(phi) < 0) {
                e = e.add(BigInteger.ONE);
            }
            d = e.modInverse(phi);
            Public = e.toString();
            Privat = d.toString();
        }

        public RSA(BigInteger e, BigInteger d, BigInteger N) {
            this.e = e;
            this.d = d;
            this.N = N;
        }
        // the remaining methods of the class are not part of this snippet
    }

Fig. 6. Generate RSA Key

3) Signing and Encryption: The user needs to input the document in the field FILE to start the signing and encrypting process. Furthermore, the user inputs the key in the field INPUT KEY. To encrypt the document the user needs to press the ENCRYPT button. When the user presses the SIGN button, the signcrypt method runs and the document is signed and encrypted. Following is a snippet from the source code of Class signcrypt and the application view when the application executes the signing and encryption process.

    class signcrypt {
        // Reads the selected file, encrypts its text with the key from the input
        // field and writes the result to encryptedaes.txt
        private void jButton4ActionPerformed(java.awt.event.ActionEvent evt) {
            String kunciaes = jTextField2.getText();
            File file = new File(NamaFile);
            try {
                pesanstring = FileUtils.readFileToString(file);
            } catch (IOException ex) {
                Logger.getLogger(latjab.class.getName()).log(Level.SEVERE, null, ex);
            }
            try {
                pesanterenkrip = AES.encryptAES(pesanstring, kunciaes);
            } catch (Exception ex) {
                Logger.getLogger(latjab.class.getName()).log(Level.SEVERE, null, ex);
            }
            String aku = "e:/LSM1";
            File file1 = new File(aku, "encryptedaes.txt");
            try {
                FileUtils.write(file1, pesanterenkrip);
            } catch (IOException ex) {
                Logger.getLogger(latjab.class.getName()).log(Level.SEVERE, null, ex);
            }
        }

        // Calls b.encrypt(a.k) and reports success; a and b are defined outside this snippet
        private void jButton5ActionPerformed(java.awt.event.ActionEvent evt) {
            try {
                b.encrypt(a.k);
                JOptionPane.showMessageDialog(null, "FILE SUCCESSFULLY SIGNED AND ENCRYPTED",
                        "DONE", JOptionPane.INFORMATION_MESSAGE);
            } catch (IOException ex) {
                Logger.getLogger(latjab.class.getName()).log(Level.SEVERE, null, ex);
            }
        }
    }

Fig. 7. Signing and Encryption on SEHR Application

The output of this process is stored in the location from which the document was taken, with a file name different from that of the original file. Signed and encrypted files are stored as files with extension *.txt. Furthermore, these files will be used in the verification process.
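
The protection scheme (sign, then encrypt) and the matching verification scheme (decrypt, then verify) from Section III, as an added example that is not code from the SEHR application. It uses the JDK's standard providers (`SHA256withRSA` for the signature and `AES/GCM/NoPadding` for encryption) rather than the paper's own RSA and AES classes; the class name, the generated keys and the sample record are assumptions constructed for the illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;

/** Added illustration of the protection and verification schemes (hypothetical class, not SEHR code). */
public class ProtectVerifyDemo {
    static final int IV_LEN = 12, TAG_BITS = 128;

    /** Protection, signing: RSA signature over the SHA-256 hash of the plaintext document. */
    static byte[] sign(byte[] doc, PrivateKey priv) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(priv);
        s.update(doc);
        return s.sign();
    }

    /** Protection, encryption: AES-256-GCM with a fresh random IV prepended to the ciphertext. */
    static byte[] encrypt(byte[] doc, SecretKey key) throws GeneralSecurityException {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(doc);
        byte[] out = Arrays.copyOf(iv, IV_LEN + ct.length);
        System.arraycopy(ct, 0, out, IV_LEN, ct.length);
        return out;
    }

    static byte[] decrypt(byte[] blob, SecretKey key) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, blob, 0, IV_LEN));
        return c.doFinal(blob, IV_LEN, blob.length - IV_LEN);
    }

    /** Verification: decrypt first, then check the signature over the recovered plaintext. */
    static boolean verify(byte[] blob, byte[] sig, SecretKey key, PublicKey pub) {
        try {
            byte[] doc = decrypt(blob, key);
            Signature s = Signature.getInstance("SHA256withRSA");
            s.initVerify(pub);
            s.update(doc);
            return s.verify(sig);
        } catch (GeneralSecurityException e) {
            return false;   // wrong key, modified ciphertext or malformed signature
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair rsa = kpg.generateKeyPair();
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey aes = kg.generateKey();

        // Constructed sample record, for illustration only
        byte[] record = "patient=constructed-sample; allergy=penicillin".getBytes(StandardCharsets.UTF_8);
        byte[] sig = sign(record, rsa.getPrivate());
        byte[] blob = encrypt(record, aes);
        System.out.println("intact file verifies:          " + verify(blob, sig, aes, rsa.getPublic()));

        byte[] damaged = blob.clone();
        damaged[damaged.length - 1] ^= 0x01;   // one flipped bit in the stored file
        System.out.println("modified ciphertext verifies:  " + verify(damaged, sig, aes, rsa.getPublic()));

        byte[] otherSig = sign("different record".getBytes(StandardCharsets.UTF_8), rsa.getPrivate());
        System.out.println("mismatched signature verifies: " + verify(blob, otherSig, aes, rsa.getPublic()));
    }
}
```

The verifier needs the same three inputs the application asks for: the encrypted file, the signature file and the decryption key, plus the signer's public key.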


4) Verification: The verification scheme is implemented separately from the protection scheme even though they are contained in a single application. To run the verification process it takes three inputs, which are a document file that has been encrypted (the file resulting from the encryption process with extension *.txt), the signature file (the file output from the signing process with extension *.txt), and the key to decrypt the encrypted file. In this process, the user is asked to input the encrypted file document, digital signature and decryption key and then press the Verify button. After that, the application will verify the digital signature. The output of this process is a notification whether the verified decrypted document is the same as the original. Following is a snippet from the source code of Class verification and the application view when the verification process is executed.

    // Decrypts the encrypted text with the key typed by the user
    private void jButton10ActionPerformed(java.awt.event.ActionEvent evt) {
        String kunciaes = jTextField5.getText();
        try {
            pesandekrip = AES.decryptAES(pesanterenkrip, kunciaes);
        } catch (Exception ex) {
            Logger.getLogger(latjab.class.getName()).log(Level.SEVERE, null, ex);
        }
        System.out.println("pesan hasil dekripsi = " + pesandekrip);
    }

    // Reports the document as authentic only when b.v equals a.k
    private void jButton8ActionPerformed(java.awt.event.ActionEvent evt) {
        try {
            b.dekrip();
        } catch (IOException ex) {
            Logger.getLogger(latjab.class.getName()).log(Level.SEVERE, null, ex);
        }
        if (b.v.equals(a.k)) {
            JOptionPane.showMessageDialog(null, "DOCUMENT IS AUTHENTIC\n"
                    + "FILE SUCCESSFULLY DECRYPTED\n", "VERIFIED",
                    JOptionPane.INFORMATION_MESSAGE);
        } else {
            JOptionPane.showMessageDialog(null, "DOCUMENT IS NOT AUTHENTIC\n"
                    + "FILE UNSUCCESSFULLY DECRYPTED\n",
                    "UNVERIFIED", JOptionPane.ERROR_MESSAGE);
        }
    }

Fig. 8. Verification on SEHR Application

From the verification source code snippet and figure, it can be seen that in order to verify a document it takes three items, which are the decrypted document, the signature, and the public key. If any one of them is not appropriate, then the document will not be verified. It can be stated that the verification failed.

IV. RESULT

Black-box testing and white-box testing were conducted to test the software in terms of functional input, output and code.

A. Black-box Testing

The black-box approach is a testing method in which test data are derived from the specified functional requirements without regard to the final program structure [21]. It is also termed data-driven, input/output driven [22], or requirements-based [23] testing. In this paper the black-box testing is presented in the following tables:

TABLE I. BLACK-BOX TESTING ON SIGNING AND ENCRYPTION

No. | Input Given | Output Expected
1. | User inputs username and password, and presses LOGIN button | The system checks the username and password. If the username and password are appropriate according to the database, it will go to the application
2. | User presses generate RSA KEY button | Application shows key pair of RSA key
3. | User presses SAVE button | The system saves key pair in the database
4. | User presses HASH button | The application shows hash value of message and saves it into database
5. | User inputs key and presses ENCRYPT button | The application shows the key, encrypts the message with AES-256 bits and saves the cipher text into database
6. | User presses SIGN button | The application will show notification that file is successfully encrypted and signed. Then signature is saved into database

TABLE II. BLACK-BOX TESTING ON VERIFICATION

No. | Input Given | Output Expected
1. | User presses BROWSE button | The application shows the encrypted and signed file.
2. | User inputs key and presses decrypt button | Application shows the key, decrypts the file and saves it into database.
3. | User presses VERIFICATION button | The system shows notification that file is successfully decrypted and is authentic.

The result of black-box testing shows that all output is exactly as expected.

B. White-box Testing

White-box testing is testing that takes the internal mechanism of a system or component into account [24]. In the development of this software, white-box testing is done by using the Kilo Lines of Code calculation mechanism. For that, first, the lines of code are calculated for each file that contains program code. The amount of code in each file is presented in the following table:


TABLE III. TESTING OF CORRECTNESS ASPECT

File’s Name | Amount of lines Code
Folder/src |
AES.java | 68
RSA.java | 127
SHA.java | 40
Login.java | 150
Main.java | 600
Folder/nbproject |
Build-impl.xml | 1430
Project.xml | 10
Private.xml | 5
Total of Lines Code | 2430 Line of code
Total of KLOC | 2.430 KLOC

Based on the lines of code calculation in the source code of the Secure Electronic Health Record application using the Java programming language, a value of 2430 LOC or 2.430 KLOC is obtained. Then the values are inserted into the KLOC calculation model as shown in the following table:

TABLE IV. METHOD OF CORRECTNESS CALCULATION [26]

Method | Formula
Walston-Felix Model |
Bailey-Basili Model |
Boehm simple Model |
Doty model for KLOC > 9 (for code more than 9000 lines) |

The Doty Model is not used because the total of code is less than 9000 lines. The following table shows the results of correctness calculation testing using the Walston-Felix, Bailey-Basili and Boehm methods:

TABLE V. RESULT OF CORRECTNESS CALCULATION TESTING

Method | Result
Walston-Felix Model | = 11.67
Bailey-Basili Model |
Boehm simple Model | = 8.29

The obtained error density values were 11.67, 7.54 and 8.29 with a project size of less than 16,000 lines of code, so the value of the error density is in the range 0-40 errors per KLOC as stated by Steve McConnell [25]. Therefore, it can be concluded that the application of Secure Electronic Health Record Using Java Programming Languages has met the standards of software quality for the correctness aspect.

V. CONCLUSION

Encryption could be implemented on Secure Electronic Health Record as shown in the Java implementation and proved in the testing. The result of black-box testing shows that all output is exactly as expected. White-box testing shows that the obtained error density values were 11.67, 7.54 and 8.29 with a project size of less than 16,000 lines of code.

REFERENCES

[1] Wilcox L. Using the Electronic Medical Record to Keep Hospital Patients Informed. Sciences-New York [Internet]. 2010;11–4.
[2] Chnipper JELS, Inder JEAL, Alchuk MABP, Inbinder JOSE, Ostilnik ANP, Iddleton BLM, et al. “Smart Forms” in an Electronic Medical Record: Documentation-based Clinical Decision Support to Improve Disease Management. Journal of the American Medical Informatics Association. 2008;15(4):17–20.
[3] Dinevski D, Bele U, Šarenac T. Clinical decision support systems. Studies in health technology and informatics. 2013 Jan;183:105.
[4] Spruell, James; Vicknair, David; Dochterman S. Report Information from ProQuest. Proquest. 2013;(February).
[5] Mon, DT. Defining the Differences between the CPR, EMR, and EHR. Journal of AHIMA. October 2004; 75/9, 74.
[6] Garets & Davis. (2006). Electronic Medical Records vs. Electronic Health Records: Yes, There Is a Difference. Retrieved from http://www.himssanalytics.org. Accessed 30 October 2011.
[7] Kozier, B. (2007). Praktik Keperawatan Profesional: Konsep dan Perspektif. Jakarta: EGC.
[8] National Center for Health. (2006). Electronic Health Records Overview. Retrieved from www.himss.org/. Accessed 15 October 2011.
[9] World Health Organization. 2006. Electronic Health Records: Manual for Developing Countries: WHO Library Cataloguing in Publication Data.
[10] Menezes, Alfred J et al. 1997. Handbook of Applied Cryptography. Florida: CRC.
[11] Stalling, William. Cryptography and Network Security 4th Edition, Prentice Hall. 2005.
[12] Munir, Rinaldi. 2004. Otentikasi dan Tanda Tangan Digital. Departemen Teknik Informatika Institut Teknologi Bandung.
[13] Setiawan, Mahful Hudha. 2011. Perancangan Secure Electronic Health Record Information System (Studi Kasus : Rumah Sakit Pusat Angkatan Darat Gatot Soebroto). Sekolah Tinggi Sandi Negara.
[14] Peraturan Menteri Kesehatan Republik Indonesia Nomor 269/MENKES/PER/III/2008 tentang Rekam Medis.
[15] NIST Special Publication 800-21A. 2005. Guideline for Implementing Cryptography In the Federal Government.
[16] NIST Special Publication 800-131A. 2011. Recommendation for Transition the Use of Cryptography Algorithms and Key Lengths.
[17] Singh, Preet Simar. Maini, Raman. 2011. Comparison Of Data Encryption Algorithms. International Journal of Computer Science and Communication. Univecity, India: Patiala.
[18] Sumarkidjo, et al. 2007. Jelajah Kriptologi: National Crypto Agency.
[19] ANSI, ISO/TS 18308 Health Informatics-Requirements for an Electronic Health Record Architecture, ISO 2004.
[20] Zhang, Rui, Ling Liu. Security Models and Requirements for Healthcare Application Clouds: Georgia Institute of Technology.
[21] William E. Perry. 1990. A standard for testing application software.
[22] Myers, Glenford J., The art of software testing, Publication info: New York : Wiley, c1979. ISBN: 0471043281 Physical description: xi, 177 p. : ill. ; 24 cm.
[23] Hetzel, William C., The Complete Guide to Software Testing, 2nd ed. Publication info: Wellesley, Mass. : QED Information Sciences, 1988. ISBN: 0894352423. Physical description: ix, 280 p. : ill ; 24 cm.
[24] IEEE. (1990). IEEE Standard Glossary of Software Engineering Technology. New York: IEEE.
[25] McConnell, S. (2004). Code Complete, A Practical Handbook of Software Construction: 2nd Edition. Microsoft Press.
[26] Pressman, R. S. (2010). Software Engineering: A Practitioner’s Approach, (7th Ed). New York: McGraw-Hill Companies.