Abstract— To protect health information security, cryptography plays an important role in establishing confidentiality, authentication, integrity and non-repudiation. Keys used for encryption/decryption and digital signing must be managed in a safe, secure, effective and efficient fashion. The certificate-based Public Key Infrastructure (PKI) scheme may seem to be a common way to support information security; however, so far, there is still a lack of successful large-scale certificate-based PKI deployment in the world. In addressing the limitations of the certificate-based PKI scheme, this paper proposes a non-certificate-based key management scheme for a national e-health implementation. The proposed scheme eliminates certificate management and complex certificate validation procedures while still maintaining security. It is also believed that this study will create a new dimension to the provision of security for the protection of health information in a national e-health environment.

Keywords- non-certificate-based public key cryptosystem; e-health security; e-health solutions

I. INTRODUCTION

E-health systems have the potential to improve the quality, continuity and capacity of healthcare provision. Numerous countries across the globe, therefore, have national e-health initiatives at some stage of investigation or implementation, including Australia, the United Kingdom, the Netherlands, Canada, the United States, and Singapore.

Significantly, the protection of e-health information security plays a critical role in the success of any e-health implementation. For instance, the United States’ Health Insurance Portability and Accountability Act (HIPAA) 1996 was enacted to encourage a move towards electronic health information systems, while requiring safeguards to ensure security and confidentiality of health information.

To protect the security and confidentiality of health information, cryptography can and should be used to establish confidentiality, authentication, integrity and non-repudiation. Keys used for encryption/decryption and digital signing must be administered in a safe, secure, effective, and efficient manner. Key management is, therefore, critical to the protection of health information.

Australia’s National Authentication Service for Health (NASH) project adopts a certificate-based Public Key Infrastructure (PKI) scheme to support security for Australia’s national e-health services, when implemented [1]. In fact, security services based on the certificate-based PKI scheme have a number of well-recognized limitations, particularly in a large-scale environment, including complexity in certificate verification and management, scalability, performance, and timeliness [2]. As such, these limitations cannot be ignored when a national e-health implementation is based on the certificate-based PKI scheme. The research question investigated in this paper is stated as follows:

Is the certificate-based PKI scheme suitable to support security for a large-scale national e-health implementation?

If not, is it possible to create an effective, efficient and scalable public key management scheme to support security for a national level of e-health implementation, without compromising security?

A. Research Scope and Assumptions

In addressing the limitations of the certificate-based PKI scheme, particularly in a large-scale environment, this paper proposes a non-certificate-based public key management scheme, the Public Key Registry (PKR) scheme, to support security, which is suitable for a national level of e-health implementation. Although Identity-based (ID-based) cryptography is one of the well-known non-certificate-based key management schemes, it seems unfeasible to use ID-based cryptosystems to support security for a national e-health implementation. With ID-based cryptography, the Key Generation Centre (KGC) generates private keys for subscribers. As such, the KGC may sign or decrypt any message without authorization. This implies that ID-based cryptography cannot realistically be used for non-repudiation. This study, therefore, is focused on the proposed non-certificate-based PKR scheme compared to the certificate-based PKI scheme.

Undoubtedly, health information is highly sensitive by its nature. It is critical to protect such information from any security hazards and privacy threats. Inevitably healthcare applications or databases must be executed upon a trusted
PKR scheme, there are no certificate management and certificate revocation issues. The relying party obtains the requested public key directly via PKD without the complicated certificate verification procedures.

B. PKR Structure

The proposed PKR scheme consists of two major parts: i) the PKR components; and ii) the key management protocol.

1) PKR components:

The PKR components include the healthcare provider entity and PKD. The healthcare provider entity refers to all participating individual healthcare providers and healthcare organizations in a national e-health implementation.

a) Healthcare provider entity

Key pair generation should be performed in the key owner’s system for security reasons. For instance, the healthcare provider can generate his/her key pair with the use of a TCB system. With the proposed PKR scheme, the trusted healthcare authority is responsible for the identification, authentication and key management for a national e-health implementation.

b) Public Key Directory (PKD)

It is envisioned that PKD is devised in the context of a Domain Name System (DNS). The DNS structure is based around a globally distributed, hierarchical database structure that relies upon replication for resilience. The PKD within the proposed PKR architecture is a facility that runs at a national level. PKD is a public key database that contains records of each key owner’s identity with its associated public key and other related information. Explicitly, the data structure of PKD is based on the Hash Table function to map the identity to the related public key. Such a critical system is considered necessary to be built on top of a TCB system for safe and reliable operation.

3. A smart card is issued to the subscriber containing the subscriber’s identifier, key pair, and the trusted healthcare authority’s public key.

b) Public key revocation:

The public key revocation process comprises the following steps:

1. Upon receipt of a key revocation request by a subscriber, the trusted healthcare authority verifies the subscriber’s identity and credentials.
2. The trusted healthcare authority revokes the subscriber’s key and maintains a key log containing relevant key revocation history.
3. The trusted healthcare authority then registers the new key, as described in the public key registration procedures.

C. Use Cases

This section uses two use cases to illustrate how the proposed PKR scheme can support integrity and confidentiality for a national e-health implementation. Use case 1 illustrates how data integrity is maintained under the proposed PKR scheme. Use case 2 shows how confidentiality is supported by the proposed scheme.

Use Case 1: Data integrity supported by the proposed PKR scheme

A general practitioner (GP) sends a referral letter to a medical specialist over an open data network. This referral letter requires an assurance of integrity. The conceptual data flow diagram of this use case is shown in Figure 1.

[Figure 1 diagram not reproduced. Parties: GP (Signer), Medical specialist (Verifier), Public Key Directory. Step 1: transmitting signed message.]
Then PKD sends a digitally signed message containing the signer’s public key back to the verifier.

Step 3: The verifier validates the integrity of the received message containing the signer’s public key from PKD. Then, the verifier can verify the digital signature on the signed referral to ensure the authenticity of the received referral letter.

Use Case 2: Confidentiality supported by the proposed PKR scheme

Please note that symmetric key encryption is used for data encryption for efficiency. The key used for data encryption/decryption is called the secret key/symmetric key/session key. Public key encryption is used to distribute the symmetric key.

A physician “A” from a hospital needs to send a discharge summary to a patient’s GP “B”. This discharge summary requires an assurance of confidentiality. The conceptual data flow diagram of this use case is shown in Figure 2. The encryption and decryption procedures are illustrated below:

Step 1:

• A sends a digitally signed key query for B’s public key to PKD.
• PKD verifies the signed query and then replies with a digitally signed response containing B’s public key.
• By the same token, B obtains A’s public key.
• After A and B have obtained each other’s public key from PKD, A and B can derive the session key for message encryption and decryption.

Step 2:

• A encrypts the discharge summary with the session key and then sends it to B.
• B receives the encrypted discharge summary and then uses the same session key to decrypt the received discharge summary. Upon successful decryption, the received message is rendered to B.

[Figure 2 diagram not reproduced. Parties: Healthcare Provider A, Public Key Directory, Healthcare Provider B. Labels: Step 1 (public key query, search requested public key, public key response, for each provider), session key negotiation, Step 2 (encrypted data transmissions).]

Figure 2. Confidentiality supported by the proposed PKR scheme

IV. ANALYSIS AND EVALUATION

This section examines the efficiency and scalability of the public key distribution process of the proposed PKR scheme by comparing it to the certificate-based PKI scheme. Based on the following evaluation results, this research demonstrates that the proposed PKR scheme is a more efficient and scalable approach for public key distribution, management and verification than the certificate-based PKI scheme for a national e-health implementation.

A. Efficiency Analysis

As indicated in Table I, the public key distribution process under the certificate-based PKI scheme involves complex certificate verification procedures. These include checking the expiration date of the certificate, downloading the latest CRL, verifying the signature on the CRL, checking Provider B’s certificate against the CRL, and verifying the signature on Provider B’s certificate.

In contrast, the proposed PKR scheme does not require complicated certificate verification procedures to disseminate public keys. Provider A simply sends a key query to PKD to request Provider B’s public key. PKD searches for B’s public key and then replies to A with B’s public key. Compared to the certificate-based PKI scheme, the public key distribution under the proposed PKR scheme is noticeably simplified and more efficient.

TABLE I. A COMPARISON OF PUBLIC KEY DISTRIBUTION BETWEEN THE CERTIFICATE-BASED PKI SCHEME AND THE PROPOSED PKR SCHEME

| | Certificate-based PKI scheme | Proposed PKR scheme |
|---|---|---|
| Certificate request | Provider A requests Provider B’s public key directly. | Provider A sends a digitally-signed key query requesting Provider B’s public key via PKD. |
| | B replies with a digitally-signed message including his/her certificate. | Not required |
| Certificate verification | A validates the expiration date of B’s digital certificate. | Not required |
| | A downloads the up-to-date CRL from the issuing CA. | Not required |
| | A validates the digital signature on the CRL signed by the issuing CA. | PKD searches A’s key to validate the signature on the query message. |
| | Upon successful validation, A checks if B’s certificate has been revoked against the CRL. | Upon successful validation, PKD searches for B’s public key. |
| | A validates the digital signature on B’s certificate signed by the issuing CA. | Not required |
| | Not required | PKD replies to A with a digitally signed message containing B’s public key. |
| Signature verification | A validates B’s signature on the replied message. | A verifies the digital signature on the message sent from PKD to validate the integrity of received message. |
TABLE I (continued)

| | Certificate-based PKI scheme | Proposed PKR scheme |
|---|---|---|
| Public key acquisition | Upon successful validation, A extracts B’s public key from B’s certificate. | A has successfully obtained B’s public key. |

B. Scalability Evaluation

This study develops a simulator to compare the performance of the certificate-based PKI scheme and the proposed PKR scheme in environments of different scale. The simulator is developed in the Java language and operated on an Intel Core i7 2.2GHz with 8GB RAM. This simulation is based on the following assumptions and environments:

• With the certificate-based PKI scheme, only one CA exists. To manage certificate revocation, the CA adopts the CRL mechanism.
• The certificate revocation rate is 10 percent per year, and certificates have been issued for one year.
• According to the National Institute of Standards and Technology (NIST) Public Key Infrastructure Study: Final Report [22], the estimated CRL size is 51 bytes plus 9 bytes for each revoked certificate on the CRL.
• The number of subscribers is set to α (let α = 1,000, 10,000, 100,000, 1,000,000, 2,000,000, 3,000,000, and 4,000,000).
• An assumed network transmission speed is 4.9 Mbps.
• Signing and encryption are based on the Elliptic Curve Digital Signature Algorithm (ECDSA) with SHA-256.

C. Simulation Results

Table II presents the simulation results for the performance of the certificate-based PKI scheme and the proposed PKR scheme in environments of different scale. For the certificate-based PKI scheme, the simulation results are classified into two types: in type A the subscriber has to download the latest CRL during the public key distribution process, and in type B the subscriber has already downloaded the CRL previously. When the number of subscribers grows, the communication cost rises in both types of certificate-based PKI scheme. Particularly, as subscribers grow to 4 million, the communication cost of type A soars to approximately 6000 milliseconds (ms). This implies that the communication cost of employing a certificate-based PKI scheme is significantly impacted if downloading the CRL is required. In the proposed PKR scheme, the communication cost remains much lower than in the certificate-based PKI scheme, at approximately 11 ms whether the number of subscribers is a thousand or 4 million.

TABLE II. SIMULATION RESULTS OF COMMUNICATION COST OF CERTIFICATE-BASED PKI AND PROPOSED PKR SCHEME IN ENVIRONMENTS OF DIFFERENT SCALE

| Number of subscribers α | Certificate-based PKI scheme cost, Type A (milliseconds) | Certificate-based PKI scheme cost, Type B (milliseconds) | Proposed PKR scheme cost (milliseconds) |
|---|---|---|---|
| 1,000 | 15.016 | 13.464 | 11.518 |
| 10,000 | 28.798 | 14.021 | 11.519 |
| 100,000 | 166.381 | 19.359 | 11.520 |
| 1,000,000 | 1546.506 | 77.034 | 11.523 |
| 2,000,000 | 3079.027 | 140.168 | 11.524 |
| 3,000,000 | 4611.820 | 203.573 | 11.528 |
| 4,000,000 | 6137.384 | 259.750 | 11.529 |

Based on the simulation results, Figure 3 further demonstrates a trend analysis for the communication cost of using the certificate-based PKI and proposed PKR schemes in environments of different scale. With the certificate-based PKI scheme, the communication cost increases exponentially as the number of subscribers grows. In contrast, the proposed PKR scheme maintains a constant low level of communication cost regardless of the number of subscribers. As such, the proposed PKR is proven to be a more efficient and scalable scheme for key distribution than the certificate-based PKI scheme, particularly within a large-scale environment.

[Figure 3 plot not reproduced. Vertical axis: communication cost (milliseconds), 0 to 7000. Horizontal axis: number of subscribers. Series: Certificate-based PKI (Type A), Certificate-based PKI (Type B), the proposed PKR scheme.]

Figure 3. Comparison of communication cost of certificate-based PKI and proposed PKR scheme

As a limitation of the proposed PKR scheme, as the number of subscribers grows, implementing it would require a constant bandwidth to be available to support simultaneous key queries and responses. In fact, as transmission bandwidth is increasing with evolving technology, meeting the constant bandwidth requirement should not be a major issue for the implementation of the proposed PKR scheme.

V. CONCLUSION AND FUTURE WORK

Notwithstanding the obvious potential advantages of information and communications technology in the enhanced provision of healthcare services, there are some concerns associated with access to electronic health information. Violations of the privacy and security of health records can significantly undermine both healthcare providers’ and consumers’ confidence and trust in e-health systems. A crisis in confidence in any national e-health system could seriously degrade the realization of the system’s potential benefit. This paper emphasizes the significance of security and privacy protection for health information systems, since these elements play a vital role in the successful implementation of a national e-health system.
To protect the security and confidentiality of health information, cryptography plays an important role in establishing confidentiality, authentication, integrity and non-repudiation. Key management is critical to the protection of patient information. The keys used for encryption and digital signing must be managed in an effective and efficient fashion. The certificate-based PKI scheme may seem to be a common way to support security services in electronic communication environments; however, so far, there is still a lack of successful large-scale certificate-based PKI scheme deployment in the world.

The outcome of this research is a roadmap of viable and sustainable architecture as a scalable, effective, and efficient approach to support security for a national e-health implementation. The proposed solution requires no certificate management and complex certificate validation procedures, while still maintaining security. It is also believed that this study can provide a new dimension to the provision of security for the protection of the privacy and security of health information.

In achieving a high level of information assurance in a contemporary e-health system environment, privacy and security requirements need to be addressed in a holistic manner. This paper, however, is intended to focus on an efficient and scalable key management strategy to support security for a national level of e-health implementation. There are a number of issues beyond the scope of this paper, which remain for future research. These issues include the assurance and protection of e-health systems in the next-generation Internetworking environment. Inevitably, health information systems will need to move towards the next-generation Internetworking environment. Not only must the health information system architecture be secure and resilient, but the overall health information systems must also be operated while adequately protected from cyber-attacks in the next-generation Internetworking environment. Future work will continue on setting a high level of information assurance in the establishment and maintenance of both current and future large-scale health information systems, with the ultimate goals of maximum sustainability, flexibility, performance, manageability, and ease-of-use.

REFERENCES

[1] Australian Department of Health and Ageing, "Concept of Operations: Relating to the introduction of a Personally Controlled Electronic Health Record System," ed. Canberra: National E-Health Transition Authority Ltd, 2011.
[2] C. Adams and S. Lloyd, Understanding PKI: concepts, standards, deployment and considerations, Second ed. Boston: Pearson Education, Inc., 2002.
[3] B. Blobel, "The European TrustHealth Project experiences with implementing a security infrastructure," International Journal of Medical Informatics, vol. 60, 2000.
[4] M. Tsiknakis, D. Katehakis, and S. C. Orphanoudakis, "A health information infrastructure enabling secure access to the life-long multimedia electronic health record," 2004, pp. 289-294.
[5] B. Blobel, P. Pharow, V. Spiegel, K. Engel, and R. Engelbrecht, "Securing interoperability between chip card based medical information systems and health networks," International Journal of Medical Informatics, vol. 64, pp. 401-415, 2001.
[6] J. Hu, H.-H. Chen, and T.-W. Hou, "A hybrid public key infrastructure solution (HPKI) for HIPAA privacy/security regulations," Computer Standards & Interfaces, vol. 32, pp. 274-280, 2010.
[7] H. Takeda, Y. Matsumura, S. Kuwata, H. Nakano, J. Shanmai, Z. Qiyan, C. Yufen, H. Kusuoka, and M. Matsuoka, "An assessment of PKI and networked electronic patient record system: lessons learned from real patient data exchange at the platform of OCHIS (Osaka Community Healthcare Information System)," International Journal of Medical Informatics, vol. 73, pp. 311-316, 2004.
[8] K.A. Stroetmann and S. Lilischkis. (2007). eHealth Strategy and Implementation Activities in Germany. Available: http://www.ehealthera.org/database/documents/ERA_Reports/Germany_eHERA Country_Report_final_30-06-2007.pdf
[9] E. Faldella and M. Prandini, "A novel approach to on-line status authentication of public-key certificates," in Computer Security Applications, 2000. ACSAC '00. 16th Annual Conference, 2000, pp. 270-277.
[10] P. Gutmann, "A reliable, scalable general-purpose certificate store," in Computer Security Applications, 2000. ACSAC '00. 16th Annual Conference, 2000, pp. 278-287.
[11] E. Faldella and M. Prandini, "A flexible scheme for on-line public-key certificate status updating and verification," in Computers and Communications, 2002. Proceedings. ISCC 2002. Seventh International Symposium on, 2002, pp. 891-898.
[12] H. Leitold, A. Hollosi, and R. Posch, "Security architecture of the Austrian citizen card concept," in Computer Security Applications Conference, 2002. Proceedings. 18th Annual, 2002, pp. 391-400.
[13] A. Slagell, R. Bonilla, and W. Yurcik, "A survey of PKI components and scalability issues," in Performance, Computing, and Communications Conference, 2006. IPCCC 2006. 25th IEEE International, 2006, pp. 10 pp.-484.
[14] N. Zhongying, Z. Ke, J. Hong, Y. Tianming, and Y. Wei, "Identification and Authentication in Large-Scale Storage Systems," in Networking, Architecture, and Storage, 2009. NAS 2009. IEEE International Conference on, 2009, pp. 421-427.
[15] S. Micali, "Efficient certificate revocation," Citeseer, 1996.
[16] P. Kocher, "A quick introduction to Certificate Revocation Trees," 1998.
[17] C. Adams and R. Zuccherato, "A general, flexible approach to certificate revocation," Entrust Technologies White Paper, 1998.
[18] The Internet Society, "X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP," ed: IETF, 1999.
[19] M. Naor and K. Nissim, "Certificate revocation and certificate update," Selected Areas in Communications, IEEE Journal on, vol. 18, pp. 561-570, 2000.
[20] D. A. Cooper, "A more efficient use of delta-CRLs," in Security and Privacy, 2000. S&P 2000. Proceedings. 2000 IEEE Symposium on, 2000, pp. 190-202.
[21] W. Diffie and M. Hellman, "New directions in cryptography," Information Theory, IEEE Transactions, vol. 22, pp. 644-654, 1976.
[22] S. Berkovits, S. Chokhani, J. Furlong, J. Geiter, J. Guild, N. I. O. STANDARDS, and T. G. MD, "Public Key Infrastructure Study: Final Report," National Institute of Standards and Technology, April 1994.
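The Use Case 1 exchange and the key revocation procedure of Section B, as an added sketch that is not code from the paper: a hash-table PKD answers signed key queries with signed responses, and a revoked key stops verifying at the next lookup without any CRL. Assumptions: textbook RSA over known Mersenne primes stands in for the paper's ECDSA with SHA-256 and is not secure; the message layout and all class and function names are hypothetical; the relying party already holds the PKD's public key.

```python
import hashlib
import json

E = 65537  # public exponent of the toy RSA stand-in

def toy_keypair(p, q):
    """Textbook RSA from two known primes: a toy stand-in, NOT secure."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def _digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(private_key, msg):
    n, d = private_key
    return pow(_digest(msg, n), d, n)

def verify(public_key, msg, sig):
    n, e = public_key
    return pow(sig, e, n) == _digest(msg, n)

class PublicKeyDirectory:
    def __init__(self, keypair):
        self.public, self._private = keypair
        self.registry = {}  # hash table: identity -> current public key
        self.key_log = []   # revocation history: (identity, revoked key)

    def register(self, identity, public_key):
        self.registry[identity] = public_key

    def revoke_and_reregister(self, identity, new_public_key):
        self.key_log.append((identity, self.registry[identity]))
        self.register(identity, new_public_key)

    def handle_query(self, requester, target, query_sig):
        query = f"{requester}|{target}".encode()
        requester_key = self.registry.get(requester)
        if requester_key is None or not verify(requester_key, query, query_sig):
            return None  # query is not signed by the requester's current key
        if target not in self.registry:
            return None
        body = json.dumps({"identity": target, "key": self.registry[target]}).encode()
        return body, sign(self._private, body)

def fetch_key(pkd, pkd_public, requester, requester_private, target):
    """Relying party: send a signed query, then verify the signed response."""
    query = f"{requester}|{target}".encode()
    reply = pkd.handle_query(requester, target, sign(requester_private, query))
    if reply is None or not verify(pkd_public, *reply):
        return None
    record = json.loads(reply[0])
    return tuple(record["key"]) if record["identity"] == target else None

def run_use_case_1():
    pkd = PublicKeyDirectory(toy_keypair(2**521 - 1, 2**607 - 1))
    gp_pub, gp_priv = toy_keypair(2**61 - 1, 2**89 - 1)
    sp_pub, sp_priv = toy_keypair(2**107 - 1, 2**127 - 1)
    pkd.register("gp", gp_pub)
    pkd.register("specialist", sp_pub)
    referral = b"constructed referral letter"  # constructed sample input
    referral_sig = sign(gp_priv, referral)
    key = fetch_key(pkd, pkd.public, "specialist", sp_priv, "gp")
    accepted_before = verify(key, referral, referral_sig)
    new_pub, _ = toy_keypair(2**1279 - 1, 2**2203 - 1)
    pkd.revoke_and_reregister("gp", new_pub)  # old GP key revoked and replaced
    key = fetch_key(pkd, pkd.public, "specialist", sp_priv, "gp")
    accepted_after = verify(key, referral, referral_sig)
    stale = fetch_key(pkd, pkd.public, "gp", gp_priv, "specialist")
    return accepted_before, accepted_after, stale, len(pkd.key_log)
```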
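The Section IV.B assumptions (51 bytes plus 9 bytes per revoked certificate, 10 percent revocation, 4.9 Mbps) are enough to recompute the CRL download time and compare it with the gap between Type A and Type B in Table II. This is an added example, not the paper's Java simulator; it assumes 1 Mbps = 10^6 bit/s and that the Type A minus Type B difference is the CRL download, as the paper's definition of the two types implies.

```python
CRL_BASE_BYTES = 51               # fixed part of the CRL (paper, citing [22])
CRL_BYTES_PER_REVOKED = 9         # per revoked certificate (paper, citing [22])
REVOCATION_PERCENT = 10           # 10 percent per year, certificates one year old
LINK_BITS_PER_SECOND = 4_900_000  # 4.9 Mbps, assuming 1 Mbps = 10**6 bit/s

# Table II as printed: subscribers -> (PKI type A, PKI type B, PKR), all in ms.
TABLE_II = {
    1_000: (15.016, 13.464, 11.518),
    10_000: (28.798, 14.021, 11.519),
    100_000: (166.381, 19.359, 11.520),
    1_000_000: (1546.506, 77.034, 11.523),
    2_000_000: (3079.027, 140.168, 11.524),
    3_000_000: (4611.820, 203.573, 11.528),
    4_000_000: (6137.384, 259.750, 11.529),
}

def crl_size_bytes(subscribers):
    """CRL size when 10 percent of the issued certificates are revoked."""
    revoked = subscribers * REVOCATION_PERCENT // 100
    return CRL_BASE_BYTES + CRL_BYTES_PER_REVOKED * revoked

def crl_download_ms(subscribers):
    """Time to transfer that CRL over the assumed link, in milliseconds."""
    return crl_size_bytes(subscribers) * 8 * 1000 / LINK_BITS_PER_SECOND

def compare_with_table_ii():
    """Rows of (subscribers, CRL bytes, modelled ms, printed type A - type B ms)."""
    return [(n, crl_size_bytes(n), crl_download_ms(n), a - b)
            for n, (a, b, _pkr) in TABLE_II.items()]

def max_deviation_ms():
    """Largest gap between the model and the printed table, over all rows."""
    return max(abs(model - gap) for _n, _size, model, gap in compare_with_table_ii())

def marginal_ms_per_subscriber():
    """Extra CRL download time added by each further subscriber (a constant)."""
    bytes_per_subscriber = CRL_BYTES_PER_REVOKED * REVOCATION_PERCENT / 100
    return bytes_per_subscriber * 8 * 1000 / LINK_BITS_PER_SECOND

if __name__ == "__main__":
    for n, size, model, gap in compare_with_table_ii():
        print(f"{n:>9,}  CRL {size:>9,} B  model {model:9.3f} ms  table gap {gap:9.3f} ms")
    print(f"max deviation: {max_deviation_ms():.4f} ms")
```

The modelled download matches the printed Type A minus Type B gap to within about 0.001 ms on every row, and the per-subscriber increment is constant, so under these assumptions the CRL term grows linearly in α.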