Advancements in modern software applications

Advancements in modern software applications

Introduction

Advancements in modern software applications necessitate the enhancement of cybersecurity algorithms. Apps have become more robust and highly integrated, serving millions of people in different sectors of the public and government. The Australian My Health Record (MHR) system is one of the nationwide health management systems created to centralize and manage health information. Electronic health Systems (EHS) such as the Australian My Health Record system collect, store, and control access to medical health records for patients (Alharbi, 2017). One key component for EHS is security due to the sensitive and confidential nature of the information stored. Modern EHS systems integrate and share information with other IT systems used in hospitals and pharmacies, making cryptography an essential part of the communication between these systems, the users, and other systems sharing the data.  This paper identifies some cybersecurity algorithmic requirements and discusses the application of relevant symmetric and asymmetric key cryptography algorithms for the Australian MHR.

Description

Activity 1

The Australian MHR has several use cases that streamline the process of information access for both the patients and the healthcare providers. Use cases are the set of activities that users of the MHR system can perform in to achieve particular goals.

Setting Limited Document Access

The Australian MHR gives users the ability to control and limit access to specific information in the system.

Removing a Document

The Australian MHR provides the users with the privilege to change the access rights granted to specific documents in the system, including removals.

Adding an Advance Care Plan

The MHR allows users to upload ‘living wills,’ which are, therefore, available to doctors during emergency care procedures.

View Pathology and Diagnostic Imaging Results

Records concerning pathology results and diagnostic imaging results such as blood tests, CT scans, and other tests concerning a patient’s health can be stored securely in the Australian MHR (My Health Record – Australian Digital Health Agency).

Register a Child

The Australian MHR provides a platform for the users to create an account for their children and siblings where medical records for minors can be stored securely.

Misuse Cases

In some cases, healthcare providers with access to patients’ medical files may share this information with third parties without consent.

The users may also add irrelevant information and documents to the system.

Some users may add irrelevant personal notes into the system, reducing the reliability of the information.

Emergency information may also be restricted due to excessive access control set by the patient.

In some other cases, patients add an excessive number of people into their accounts.

Selected Use Case: Uploading an Advance Care Plan

The patient logs in to the MHR using the correct credentials.

The user then selects their record.

From the ‘Documents’ tab, the user selects the ‘Advance Care Planning’ link.

The user then clicks on the ‘Add an Advance Care Planning Document’ link.

The user clicks on the ‘Select PDF file to Upload’ button and then clicks the ‘Browse’ link to find the file to upload.

The user is then required to enter the date that the file was last modified.

The name and number of the person who wrote the document is filled out next.

The user then clicks the ‘Next’ button to finalize the upload.

The flow chart representing the process is shown below:

Activity 2

Information technology emphasizes on data security alongside network security during the development and transfer of information in computer systems (Santoso et al., 2018). One way in which IT systems secure communication between users is through cryptography. Cryptography refers to the techniques used to add security to messages from the sender to the recipient to avoid interference by third parties (Santoso et al., 2018). The two components used in cryptography are the algorithm for encryption and the key (Hercigonja, 2016). Cryptography algorithms are classified as either symmetric or asymmetric based on their type. Symmetric algorithms use one key to encrypt and decrypt messages. Asymmetric algorithms use two keys, one to encrypt and another key to decrypt the message. Examples of symmetric key algorithms include AES and DES (Santoso et al., 2018). In asymmetric key algorithms, one key is available publicly while the user retains the private key. Examples of asymmetric key algorithms include Diffie-Hellman and RSA.

Reflection On the Use of Cipher Substitution Algorithms

Ciphers refer to the specific steps used in the encryption and decryption of messages sent through a channel. Traditionally, all ciphers relied on the symmetric key algorithm, including both variants of the Vigenere cipher, Ceaser cipher, and the simple substitution cipher. The MHR system relies on secure communication between the users and the healthcare providers. The system, therefore, relies on single key cryptography to secure all its messages. Although cipher substitution algorithms provide reliable security during the transfer of information, more robust cryptography algorithms based on the asymmetric keys are more suited for sensitive data such as medical records. The Australian MHR, therefore, does not employ this method of encryption due to the low level of security it provides when compared to more recent algorithms of encryption.

Reflections On Using Public and Private Keys for Communication

Asymmetric key algorithms provide more secure encryptions during communication due to the use of two different keys, one of which is private (Santoso et al., 2018). The MHR benefits more by using a more reliable encryption technique such as RSA due to the additional layer of security provided by the long public and secret keys. These algorithms, however, increase the overhead in the messages sent through the channel, making communication slower. The Australian MHR deals with very confidential information, and the additional cost could be an acceptable tradeoff for the extra security provided. The extra protection is based on the large prime numbers used in the encryption of the messages making it very difficult for attackers to use brute force to deduce the private key, even with the public key.

Activity 3

A Recent Cryptographic Algorithm

Finding the latest asymmetric key encryption algorithm appropriate for use in the Australian MHR required research into the innovations in this field over the last few years. We searched through the ‘Google Scholar’ database using ‘latest secure encryption algorithms’ as the keywords. The search was narrowed only to include articles published between 2016 and 2020.

The encryption algorithm chosen for this study was the AES encryption algorithm in conjunction with watermarking and chaotic encryption for the medical images. Each of the algorithms studied presented a set of strengths and weaknesses. The techniques were chosen due to their versatility and reliability.

The AES (Advanced Encryption System) is an encryption algorithm based on a principle of the symmetric keys (Santoso et al., 2018). It is an efficient algorithm for use in both software and hardware. The encryption algorithm uses fixed block sizes of 128 bits and uses keys of 128, 192, and 256 bits (Hercigonja, 2016). Digital watermarking, on the other hand, is used in image security. The technique proposed to secure MHR images relies on the chaotic encryption of digitally watermarked images to increase the security of patient reports. The method uses digital image transformations to create a watermarked picture, which is then secured using a secret key generated by the chaotic algorithm (Thakur, Singh, Ghrera, & Elhoseny, 2018).

A combination of these techniques could be used to secure the communication in the system and the images stored. The MHR system could benefit from the combination of methods proposed above to cover the overhead that would be incurred if the RSA encryption algorithm was used instead. The AES algorithm recommended uses the symmetric key algorithm with fixed-size blocks to increase the security of the messages. The overhead in this method is low, and the keys can be of varying bit sizes. The watermarking and chaotic encryption method would handle the security of images during transit since AES is only useful in securing plaintext messages. By combining these two algorithms, we could add protection to both the communication between the users and the MHR system and ensure that images stored or sent from this system are watermarked and encrypted.

Recommendation

Based on the outcomes of this study, we would recommend a review of the encryption used in the Australian MHR and any other EHS aiming to improve its encryption methods to include the watermarking and chaotic encryption algorithms for images. Most systems storing and transmitting patient photos, send them without encryption. After the review, we noted that images pose as much danger to the breach of confidentiality.

Conclusion

Cryptography is an essential component in modern communication through IT systems and has become an integral part of software and hardware design. Symmetric and asymmetric key encryption algorithms are the most common methods of encryption in use today, although researchers are innovating newer and better algorithms. This paper presents an analysis of cryptography as applied to the Australian MHR. It also proposes some new and innovative ideas on how to improve the security of the system. The recommendation made in this paper can be applied to other electronic health systems to enhance the encryption in the communication between the system and the users.

References