You are on page 1of 7

Secure and Auditable

Agent-based Communication Protocol for E-health System Framework

Periyar Maniammai University,vallam,Thanjavur.
IIIyr CSE Department

allows anyone to participate and access the data. The
Abstract: Security is essential for e-health growth of Internet and information technology has
system as it provides highly sensitive made unproblematic electronic health service that
distributed medical data and exchanged offers a scheme for the doctors to keep the records of
among the healthcare professionals, patients in an information system and make decisions
customers and providers over Internet. promptly after discussions with experts over Internet.
Thus, patients can able to get better medical services,
Internet is an open access system that
improves their relationship and provides online
allows anyone to participate and access
education through online resources. Moreover, e-
the data. Hence, it is necessary to protect
health system provides highly sensitive distributed
the data, service from the unauthorized
data that demands strong authentication and
visibility, use and also maintain a high authorization mechanisms for communication
degree of accessibility. It is achieved using between the healthcare professionals, consumers and
suitable access control policies and providers. While it is very important the manner in
techniques that enforce differentiated which the healthcare professionals that include
levels of service visibility and access to the doctors, nurses, administrative staff, support staff and
users. This paper introduces a Secure and IT staff are allowed for accessing the specific
Auditable Agent- based Communication information in the medical data for their service and
Protocol (SAACP) which performs on key also sustain the issues such as privacy and
exchange mechanism with mobile agents confidentiality [1].Internet is essential in enabling to
to reduce the delay in communication. organize, share and access to the medical services. It
Intelligent mobile agents are proposed for is required to promote secure and efficient medical
dynamically negotiating the policy of the service communication over Internet. Security
users. This protocol offers user friendly, controls must be evaluated in terms of its functional
privacy and safe communication through benefits for protecting the privacy of the consumers,
well-built secure mechanism that gives accurate information to service providers and
confident to the users and healthcare healthcare professionals. The healthcare providers are
professional to access the e-health system. responsible for defining differentiated access rules
which protect the patient data and related information
securely. In the existing access control mechanism,
Introduction the granting of access rights requires statically
binding a subject (doctor) to a target (patient data),
E-health system has been used as communication where subject and target is known in advance. A
system that enables to deliver medical service over better solution is to define the access rights in more
the Internet. Internet is an open access system that general term. The access rule is assigned to the health

an Access Control enable resource sharing between multiple Server (ACS) and a Record Tracing Server (RTS) to heterogeneous healthcare enterprises securely. The design and implementation of paper is organized as follows: Section 2 discusses the the role and privilege authentication is not discussed related work. The mobile agents mobile agent code is authenticated and the code are chosen to carry sensitive information during a requests a service from the platform to decrypt the communication in e-health system. protecting privacy in sensitive information systems using dynamic key based group management. biometric techniques. It is best suit to the system in terms of message. encryption/decryption protocols and attribute certificate based method for e-health are used to protect the mobile agent code and carried system. [13]. digital and authorization management mechanism for signatures and digital certificates [2]. This architecture provides techniques are used to protect the code of the agent secure. In this proposed frame work. 5] proposed a framework which provides secure communication for mobile e-health applications. In this protocol. Authorization is defined as a process of communication is secured from one end to the other granting permission to do or not. In this framework. Key Server (KS). certificate based method [7] into the electronic health service system is discussed in [8]. users . the mobile agent carries its threats from malicious hosts and malicious agents own protection by using disposable key pair. the above identity management. At the destination side. [2. and be capable of accessing LSGC consists of Strong Authentication performing appropriately in the new environment. To Server (SAS). but simply the desire to secured communication server acting as a relay prevent legal health professionals from “gaming” the between mobile devices and data storage. A large number of with strong standard cryptographic algorithms. Burgsteiner et al. The implementation is explained in section architecture for e-health services system that 4 and this paper is concluded with a summary in integrates the role-based method [6] and attributes section 5. [3] proposed security its code or data. To avoid the malicious code injection to the agents are also exposed to security threats. To avoid these threats. KS is based on paper introduces a communication protocol called onetime keys instead of unique key encryption key to Secure and Auditable Agent based Communication enhance security. efficient and flexible way of administration in and carried message very effectively. Agent carrying information must be protected against other malicious agents that can tamper with Song Han et al. smart cards. The proposed architecture splits into several administrative areas based on geographical location. Mobile agent is defined as a specific form of Each area has Local Secure Group Controller mobile code that can transport from one environment (LSGC) to manage sensitive information sharing and to another. hash table. SAACP architecture is discussed in in the paper. All system [3].professionals based on the latest values in the securely connected and process medical data [] Protocol (SAACP) which performs on key exchange proposed a secure communication protocol based on mechanism with mobile agents to reduce the delay in mobile agent.Rossilawathi Sulaiman et. Related Work in [9]. mobile message. Xian techniques may be used to authenticate a user such as ping Wu [4] proposed a secure authentication passwords. However. the achieving different assignments. The motivation for dynamically assigning according to current legal regulations through a the policy is not for security. which are data carried by the agent. An authorization and authentication section 3. mobile agents protection mechanisms without depending on the are encapsulated with different functionality for senders/owners platform. A finger print – based model suitable for medical images privacy protection against unauthorized recipient is discussed 2. with its data intact. With the help of this framework. The rest of the e-health system. this manage users joining and leaving. digital architecture that will integrate the role-based method signature. agent itself carries the communication.

KEYAGENT dispatch to remote CA for getting the public key of the specific healthcare professionals registered under it. and authority server. integrated e-Health information systems for the Certificate authority server is a trusted third party in provision of adapted and personalized sustainable charge of acknowledging the validity of public keys services to the citizens. a system that protects throughout the transaction. the proof of identity of the user. INFOPOLICY . dynamic. information which is available at remote site. Policy server and data server. This framework whereas in this protocol. confidential and security to all latest attribute values of the user. This server identifies the sensitive credentials and policies. The proposed secure communication protocol framework KEY AGENT: Each Certificate Authority is shown in Figure -1. proposed for authentication between the trading parties hidden credentials [11]. Policy server generates system reduces the network overhead as it needs the policy based on the attributes of the user in the fewer rounds of interaction compared to traditional data server. Policy certificate is cross verified with the help of local policy server. (CA) offers with one KEYAGENT. Generally. The policy of the user is generated at both sites and verified the consistent. The purposed of using mobile or other secrets used for authentication. Doctor wants to analysis the patient in this frame work. interoperable. Mobile agent technologies are used to Each domain consists of Certificate provide transparent.Any one policy is chosen from the set based system. PROCESSING AGENT: After receiving the public key of the recipient. Sender initiates the request by using PROCESSING AGENT to the remote CA. Data server keeps the medical data and trust negotiation. This agent activates by the CA if and only the specific healthcare professional is not a member of the CA. Furthermore. secure. Sender dispatches the POLICY AGENT to the remote CA for the level of permission to access the medical data. distributed and heterogeneous policy The term policy is defined as a set of permission framework for sharing medical information among given to the specific user for accessing the level of autonomous and disparate healthcare information information. policy is assigned statically systems in P2P environment [12]. It is also agent is to reduce cost and to deliver health care responsible for providing the necessary information services at a distance [10].PROCESSING AGENT helps to create a secure communication between the parties. POLICY AGENT: After receiving the accept message from the recipient. mobile agent is encapsulated with different functionalities and assigns to perform some This section discusses the proposed secure distinguished proposed a attributes of the healthcare professionals and patients. There are six different communication protocol SAACP between doctor and functionalities mobile agents are proposed and used patient. 3. INFOPOLICY AGENT: Remote CA Figure 1: Framework of SAACP initiates the INFOPOLICY AGENT after sending the Public key requested by the sender. on the latest values of the user. A set of policy is the healthcare professionals accessing the defined . it is assigned based on the provides privacy. Holt et al. SAACP In this frame work. Fahed Al -Nayadi et.

It carries the information to the policy remote CA. It decrypt at the receiving side by the private Key Doctor. After satisfied. Local CA collects the values of the doctor from the Data Server using (1. Remote CA checks the policy of the doctor with the generated policy using by the Local Policy Server with the help of POLICYGENAGENT. POLICYGEN AGENT: The INFOPOLICY AGENT value is copied into POLICY (1. Local CA validates the Token. the retransmission of another encrypt using Public Key LCA. Remote CA gives the Public from the POLICY AGENT and POLICYGEN Key RCA . Trust of the POLICY AGENT is questioned. It is only initiated there is a (1. POLICY AGENT from the sender is informed through VALID AGENT. After the verification.AGENT collects the latest attribute values of the Figure 1: SAACP communication protocol sender for generating the policy certificate. AGENT to the Remote CA-ID with the copy of Public key patient . Remote CA checks the code of server for generating the certificate. INFOPOLICY AGENT.a) Patient is not a member of CA. Policy is mismatched with the generated one. KEYAGENT dispatch to the remote CA along with Token. Step 4. User has being accessed the . Remote CA-ID to the KEYAGENT after AGENT differs. remote CA request the doctor by using VALID AGENT to retransmit the POLICY AGENT again. with Remote CA-ID.After validates the code of PROCESSING AGENT . the communication is disconnected. Local CA returns the same to the Doctor along from the local Certificate Authority (CA).c) KEYAGENT back to the Local difference in the policy. (1. Step 3: Doctor transmit the POLICY AGENT along with the required information to the Remote CA and policy certificate. the Remote CA sends the “accept “ message back to the Doctor . and patient at remote site based on SAACP is given as below. Patient is member of CA Step 2: Doctor dispatch the PROCESSING then the public key patient issue to the Doctor. decrypt the Public Key RCA and dispatches the The detail communication between doctor KEYAGENT along with the E public key RCA (Doctor-Id). Meantime. 4 Simulation The proposed framework is implemented as prototype in JAVA. KEYAGENT is valid or not. If it is valid. the required information is encrypted using Public Key LCA and sends to the doctor by INFORMATION AGENT. Otherwise.b) KEYAGENT arrived at the AGENT. CA.d) Remote CA decrypts the Doctor- ID and provides the Public key patient back to the Local Step1: Doctor requests the public key patient CA. KEYAGENT gives the Token to Remote CA and VALID AGENT: The policy certificates requests to sign in it. Public Key LCA.

The messages from public users are also processed in this health care system after some verification. based on the human organ damaged. so that when the private message service identifies the availability of the doctor in the nearby location. laptop and desktop. patient details. status of patient etc through Web. The following operation in Figure -2 is performed when the message is from the private user. the health system filters the specialists and identifies the nearby doctor available and directs the ambulance to go to the accident spot. The server retrieves the name of the doctor from the doctors profile database.framework through mobile. so that when the private message service provide filters the n on available doctors from the process of allocation. If the message from the private user specifies that the doctor is entering into the hospital. then specifies the nearest doctor’s availability and makes the ambulance to go to that nearest hospital immediately. Mobile device is used to send and receive the information as SMS from the framework. particular password status as ‘IN’ in the available doctors Database. If the message from the private user specifies that the doctor is leaving the hospital. Figure 2: Private User Message processing . then the server updates the doctor with the public user message. If the message indicates about the accident. User can get all types of information such as doctor list. then the server updates the doctor with particular password status as ‘OUT’ in the Available doctors Database.

in Proc. The proposed system offers a number of (2006). PhuDungle. in IEE Proc. Blobel B. 4. Narayanan S. Signal Processing and Information Technology (IEEE.2008).(Int. pp. Hence. Vidyasagar Potdar. 616-619.185-190.Han.57. Geoff Skinner. (Int. References 1. symp.Industrial Technology system. strong 9. 2833-2838. 47-51. New Framework for framework. A Framework for secure communication of Mobile E-health applications”. Design and Specification Figure 3: Functionality carried by the system when the request from non-registered user of Role-based Access Control policies.pp.. Poovendran R. Song and Skinner. Song Han. 5. Fahed Al-Nayadi.Journal. In this paper. Constantinos Mourlas1. and Potdar.pp. Burgsteiner Harald.29-30 3. Novel Authentication & Authorization Management for Sensitive information Privacy protection using Dynamic Key based Group Key Management”. Protecting Patient Privacy against Unauthorized Release of Medical authentication and gives confidence that systems are Images in a Group Communication Environment. In this protocol. A Mobile Agent Approach for (GPS) to track the location and utilize the transport Ubiquitous and Personalized eHealth Information . Vidysagar and protocol SAACP is proposed for E-health system Chang. Huy Hoang Ngo. and extended with the help of Global Positioning System George Samaras2.2005). Varadharajan V. The limitation of this system is the user (Int. Journal of Computer Science and Applications. secure. in Proc. Wallner Dietmar.”PeDIS-Design and Development of a Performance Diagnosis Information System”. G. Hitchens M. This protocol provides secure and Authentication and Authorization for e-Health Service flexible communication between user and healthcare Systems. Li M. Computerized Medical Imaging and should specify the location where the accident Graphics. facility of the organization very effectively. pp. ( Medical Informatics meets eHealth . pp.2009). Conf. the proposed approach will be 10 Panagiotis Germanakos1.Journal Medical Informatics. in Medical Informatics meets eHealth (2008) pp. SWS (2006). 2.. Elizabeth Chang.Int.balasubramaniam srinivasanii. Int. Jemal H.117-129. An authentication Framework for e-health systems”. Burgsteiner H and Prietl J. Chen. Advanced and Secure Architectural HER 5 Conclusion and Future Work Approaches. pp. happened. Xianping Wu. 7. 2007).105-106. Elizabeth and Wu. Medical data are transmitted in encrypted format and send to the legitimate user after various levels of verification. 2006). pp. advantages including a user-friendly. Software (2000).A Framework of Authentication and Authorization for e-Health Services in Proc.Abawajy. a new secure communication 8 . pp. six different mobile agents with different functionalities are proposed and used very effectively for the benefits of secure communication. 367-383. 6.74.

2006) pp.1259-1273. .Systems. ( IEEE transactions on computers ..