Implementation of RSA 2048-bit and AES 256-bit with digital signature for secure electronic health record application

This research addresses the implementation of encryption and digital signature techniques for electronic health records to prevent cybercrime problems such as robbery, modification and unauthorized access. In this research, the RSA 2048-bit algorithm, AES 256-bit and SHA 256 are implemented in the Java programming language. The Secure Electronic Health Record Information (SEHR) application design is intended to combine the given services, such as confidentiality, integrity, authentication, and non-repudiation. Cryptography is used to protect the file records and electronic documents that hold detailed information on the medical past, present and future forecasts that have been given only for the patients. The document is encrypted using an encryption algorithm based on the NIST Standard. In the application, there are two schemes, namely the protection scheme and the verification scheme. This research uses black-box testing and white-box testing to test the software input, output, and code without testing the process and design that occurs in the system. We demonstrate the implementation of cryptography in Secure Electronic Health Record Information (SEHR). The implementation of encryption and digital signature in this research can prevent archive thievery, which is shown in the implementation and proven in the test.


I. INTRODUCTION
Medical records based on paper still have some flaws and problems. These problems range from physical security and the need for a storage area to the difficulty of transferring or communicating the information and the ease with which the records are damaged and destroyed. If the storage process is not performed properly, it will complicate the search process or the information retrieval. In addition to the many possible disasters, health record information is personal data about someone and human life. For that, we need a solution to resolve the issue. The process of manually organising and managing records on paper media has a few shortcomings in the aspects of information security, that is, confidentiality, data integrity, availability, non-repudiation, and authentication [1]. The electronic health record (EHR) has great benefits for health services such as primary and referral service facilities and hospitals.
The perceived benefits are increasing availability of electronic patient records in hospitals, improving the efficiency of the health care retrieval process [2], facilitating retrieval of patient information [3], easy access to patient information that ultimately helps in clinical decision-making, and reducing operational cost impact and improving earnings in health care facilities, especially hospitals [4].
The EHR should only be accessed and shared by authorised healthcare providers such as doctors, nurses and lab technicians, because its function is to record critical information for every patient. That critical information supports, for example, the enforcement of diagnosis and therapy and the avoidance of allergic reactions and drug duplication [5]. This practice is consistent with ethical considerations in the application of information technology [5], where all healthcare providers have a moral code that requires a balance between patient privacy and the care needs, including access to the records of patients [6].
A recent research article proposed that Public Key Infrastructure (PKI), symmetric key and login password for authentication are used for the security of the EHR [7]. Based on the ISO/TS 18308 standard [8], the primary purpose of the EHR is to provide a documented record of care which supports both present and future care received by the patient from the same or other clinicians or care providers. This documentation provides a means of communication among clinicians contributing to the patient's care.
In this paper, the EHR was designed and built using digital signature and file encryption. Digital signature and file encryption are used not only to solve confidentiality, data integrity, availability, non-repudiation, and authentication problems but also to prevent robbery, modification and unauthorised access. Secure Electronic Health Record Information (SEHR) is a secure electronic health record which uses the RSA 2048-bit [9], AES 256-bit [10] and SHA 256-bit algorithms and is implemented in the Java programming language. The cryptography aspect is expected to secure the file records and electronic documents on the patient's identity, examination, treatment, action and service given and the authorised person.

Cite this article as: M A Sadikin and R W Wardhani, "Implementation of RSA 2048-bit and AES 256-bit with Digital Signature for Secure Electronic Health Record Application", CommIT (Communication & Information Technology) Journal 10(2), 63-69, 2016.

A. Electronic Health Record
The Electronic Health Record (EHR) is a comprehensive electronic record of a patient's health information which integrates multiple health information databases. The record contains patient demographics, progress notes, problems, medications, vital signs, past medical history, immunisations, laboratory data and radiology reports [11].
The EHR includes all information contained in a traditional health record, including a patient's health profile and behavioural and environmental information. The EHR also includes the dimension of time, which allows inclusion of information across multiple episodes and providers, which will ultimately evolve into a lifetime record [12]. The EHR defined here contains all personal health information belonging to an individual. Those data are entered and accessed electronically by healthcare providers over the patient's lifetime. The EHR contains data beyond the acute inpatient situations, including all ambulatory care settings at which the patient receives care [13]. The Regulation of the Minister of Health about the filling of medical records states that legal sanctions can be given to the hospital or health workers who fail to pay close attention and commit mistakes in filling the pages of medical records [14].

B. Digital Signature
Cryptography focuses on the issue of maintaining the confidentiality of information by using methods and mathematical techniques that include confidentiality, data integrity, entity authentication, and data origin authentication [15]. The RSA (Rivest, Shamir, Adleman) algorithm is an asymmetric cryptographic algorithm invented by Rivest, A. Shamir, and L. Adleman in 1997 [15]. In this research, the RSA algorithm is applied as a digital signature scheme. The RSA algorithm is used due to its fast computation compared to ECDSA and DSA [16].
In the process of signature generation and verification, an entity A signs the message m ∈ M. The entity B can verify A's signature and recover the message m from the signature. The procedure is as follows (see Fig. 1).
1) Key Generation in RSA Digital Signature.
• Determine randomly two large prime numbers p and q.

3) Verification
• Getting A's public key: (n, e).
• Compute $s' = s^{e} \bmod n$.
• Verification: if the value of $s = s'$, then the digital signature is authentic.

C. Advanced Encryption Standard
Advanced Encryption Standard (AES) is a block cipher algorithm which is intended to replace the DES algorithm as a standard and is recognized for some applications [18]. AES is also a standard algorithm for data encryption and decryption (Eric Conrad, Advanced Encryption Standard). In this research, AES is used because of its advantages in securing documents and because it is proven to be safe based on the NIST Standard [10]. The AES algorithm is outlined in Fig. 2. For the decryption process, the inverse process is used at the transformation stage. The process starts from InvSubBytes, InvShiftRows, and ends in InvMixColumns. Because of this, the S-boxes for encryption and decryption are different. In the decryption process, the S-box used is the inverse S-box.

A. General Description of the Application
Secure Electronic Health Record application is an application that applies the concept of digital signatures using RSA and SHA-256 algorithms and AES-256 block cipher algorithm for the encryption process.
The application is implemented in the Java programming language and guarantees integrity, confidentiality, authentication and non-repudiation. The Java language is used because it is more mobile, multiplatform, object-oriented, portable, and open source. The application has two schemes, which are the protection scheme and the verification scheme. It is assumed that the protection and verification processes are contained in one application. The protection step is on the SIGN & ENCRYPT tab and the verification process is on the VERIFICATION tab. The details of the two processes are as follows.
1) Signing and Encryption Scheme: In the protection scheme, two processes are running: the securing process (encryption) and the authenticating process (signing). The generation of the private key and the public key is done before the encryption and signing processes are executed. The securing and authenticating of documents is done in a simple manner following the scheme in Fig. 3.
2) Verification Scheme: The verification process is done by reversing the signing process (see Fig. 4). The file is first decrypted using the key that was used previously in the encryption process. After this process, the file is hashed, and then the digital signature calculation is performed using the public key that was generated and stored in the protection stage. The verification process is the process of calculating the digital signature value of the hashed document using the public key. If the values match, the application displays a notification that the document is successfully decrypted and proven to be authentic. If they do not match, the notification shows that the document is not authentic or has been changed.
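The protection and verification schemes above, together with the RSA signature of Section B, as an added example that is not the SEHR source code: a record is signed with SHA-256 and a 2048-bit RSA key, encrypted with AES-256, then decrypted and verified, once unmodified and once with a flipped ciphertext bit. The AES mode (GCM with a 12-byte IV), the class and method names and the sample record are assumptions of this example; the paper does not state which mode or padding the application uses.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;

public class SehrSchemeDemo {
    // Protection scheme, signing: SHA-256 hash of the record, RSA-signed (PKCS#1 v1.5 padding).
    static byte[] sign(byte[] doc, PrivateKey priv) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(priv);
        s.update(doc);
        return s.sign();
    }
    // Protection scheme, encryption: AES-256; GCM mode is an assumption of this example.
    static byte[] encrypt(byte[] doc, SecretKey key, byte[] iv) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        return c.doFinal(doc);
    }
    // Verification scheme: decrypt first, then check the signature over the recovered record.
    static boolean decryptAndVerify(byte[] ct, byte[] iv, SecretKey key, byte[] sig, PublicKey pub) {
        try {
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, iv));
            byte[] doc = c.doFinal(ct); // throws AEADBadTagException if the ciphertext was altered
            Signature s = Signature.getInstance("SHA256withRSA");
            s.initVerify(pub);
            s.update(doc);
            return s.verify(sig);
        } catch (GeneralSecurityException e) {
            return false; // any decryption or signature failure means "not authentic"
        }
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair rsa = kpg.generateKeyPair();
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey aes = kg.generateKey();
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv); // a fresh IV is required for every encryption under one key
        byte[] record = "patient=constructed-sample; dx=example".getBytes(StandardCharsets.UTF_8);
        byte[] sig = sign(record, rsa.getPrivate());
        byte[] ct = encrypt(record, aes, iv);
        System.out.println("authentic: " + decryptAndVerify(ct, iv, aes, sig, rsa.getPublic()));
        ct[0] ^= 1; // constructed tampering: flip one bit of the stored ciphertext
        System.out.println("modified:  " + decryptAndVerify(ct, iv, aes, sig, rsa.getPublic()));
    }
}
```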

B. Implementation of Secure Electronic Health Record Application (SEHR)
The implementation of digital signature and file encryption consists of steps carried out in the SEHR application. The steps in the implementation of the SEHR application are as follows:
1) Login process: When the user runs the application, the Welcome message appears to start the login process (see Fig. 5). The user needs to fill in the USERNAME and PASSWORD fields. By pressing the LOGIN button, the login process is executed. The application verifies the username and password submitted by the user. If the password is correct, the application main view is displayed. However, if the username, the password, or both are incorrect, a notification appears and the user cannot proceed to the next application process. Following is a snippet from the source code of the Class login():

    // Requires: import javax.swing.JOptionPane;
    String UserName = jTextField1.getText();
    // JPasswordField.getText() is deprecated; getPassword() returns a char[] that can be wiped after use.
    String Password = jPasswordField1.getText();
    // The accepted username and password are literals compiled into the class.
    if (UserName.equals("dikin") && (Password.equals("123456"))) {
        JOptionPane.showMessageDialog(null,
                "LOGIN SUCCESS"
                + " \n WELCOME TO Electronic Medical Record Application"
                + " \n Application by: MOHAMAD ALI SADIKIN"
                + " \n SEKOLAH TINGGI SANDI NEGARA"
                + " \n 1413101075",
                "file", JOptionPane.INFORMATION_MESSAGE);
        dispose();                      // close the login window
        new latjab().setVisible(true);  // open the application main view
    } else {
        JOptionPane.showMessageDialog(null,
                "WHO ARE YOU ?? I DONT KNOW YOU ( -_-')",
                "ERROR !!", JOptionPane.ERROR_MESSAGE);
    }
    } // closes the enclosing handler method, whose opening is not part of the excerpt

2) Generate RSA Key: The user generates the key by pressing the Generate RSA KEY button (see Fig. 6). In the application, a secure random is used to generate the RSA private key and public key parameters. Furthermore, by pressing the SAVE button, the private key and public key are stored in a file with the extension *.txt, and a notification that the private key and public key have been successfully generated and stored is displayed. The following is a snippet from the source code of Class RSA and the view of the application when the RSA key is generated.
3) Signing and Encryption: The user needs to input the document in the field FILE to start the signing and encrypting process (see Fig. 7). Furthermore, the user inputs the key in the field INPUT KEY. To encrypt the document, the user needs to press the ENCRYPT button. When the user presses the SIGN button, the signcrypt method runs and the document is signed and encrypted. Following is a snippet from the source code of Class signcrypt and the application view when the application executes the signing and encryption process. The output of this process is stored in the location from which the document was taken, under a file name different from that of the original file. Signed and encrypted files are stored as files with the extension *.txt. Furthermore, these files will be used in the verification process.

4) Verification: The implementation of the verification scheme is made separately from the protection scheme even though they are contained in a single application (see Fig. 8). To run the verification process, three inputs are needed: the document file that has been encrypted (the file resulting from the encryption process, with the extension *.txt), the signature file (the file output by the signing process, with the extension *.txt), and the key to decrypt the encrypted file. In this process, the user is asked to input the encrypted document file, the digital signature and the decryption key, and then press the Verify button. After that, the application verifies the digital signature. The output of this process is a notification of whether the verified decrypted document is the same as the original. Following is a snippet from the source code of Class verification and the application view when the verification process is executed.
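The login snippet in step 1 compares the submitted values against a username and password written into the source, so anyone holding the class file can read them. An added example, not the authors' code, of checking the password against a stored salted PBKDF2 verifier instead; the class name, the iteration count and the sample passwords are assumptions of this example.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class LoginCheck {
    static final int ITERATIONS = 600_000; // assumed work factor; tune for the deployment
    static final int KEY_BITS = 256;

    // Derive a PBKDF2-HMAC-SHA256 verifier from the password and a per-user salt.
    static byte[] derive(char[] password, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // wipe the copy held by the key spec
        }
    }

    // Compare in constant time against the stored verifier instead of a literal in the code.
    static boolean verify(char[] password, byte[] salt, byte[] stored)
            throws GeneralSecurityException {
        try {
            return MessageDigest.isEqual(derive(password, salt), stored);
        } finally {
            Arrays.fill(password, '\0'); // wipe, e.g. the array from JPasswordField.getPassword()
        }
    }

    public static void main(String[] args) throws Exception {
        // Enrolment with a constructed sample password: only salt and verifier are stored.
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        byte[] stored = derive("constructed-sample-pw".toCharArray(), salt);

        System.out.println("correct password: "
                + verify("constructed-sample-pw".toCharArray(), salt, stored));
        System.out.println("wrong password:   "
                + verify("123456".toCharArray(), salt, stored));
    }
}
```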

A. Black-box Testing
The black-box approach is a testing method in which the test data are derived from the specified functional requirements without regard to the final program structure [20]. It is also termed data-driven, input/output driven [21], or requirements-based testing [22]. In the current research, the black-box testing activities are presented in Tables I and II. The result of black-box testing shows that all outputs exactly match the expected outputs.

| No. | Activity | Expected output |
|---|---|---|
| | User presses SAVE button | The system saves the key pair in the database |
| 4 | User presses HASH button | The application shows the hash value of the message and saves it into the database |
| 5 | User inputs key and presses ENCRYPT button | The application shows the key, encrypts the message with AES-256 bits and saves the cipher text into the database |
| 6 | User presses SIGN button | The application shows a notification that the file is successfully encrypted and signed. Then the signature is saved into the database |
| | User presses VERIFICATION button | The system shows a notification that the file is successfully decrypted and is authentic |

B. White-box Testing
White-box testing is testing that takes the internal mechanism of a system or component into account [23]. In the development of the current software, the white-box testing is done by using the Kilo-Lines-of-Code calculation mechanism. First, the lines of code are counted for each file that contains program code. The amount of code in each file is presented in Table III.
The Doty Model is not used because the total amount of code is less than 9000 lines. Table IV presents the results of the correctness calculations using the Walston-Felix, Bailey-Basili and Boehm methods. The obtained error density values were 11.67, 7.54, and 8.29 with a project size of less than 16,000 lines of code, so the value of the error density is in the range of 0-40 errors per KLOC as stated by Steve McConnell [24]. Therefore, it can be concluded that the application of Secure Electronic Health Record Using Java Programming Languages has met the standards of software quality for the correctness aspect.

V. CONCLUSIONS
This work has demonstrated the implementation of encryption in the Secure Electronic Health Record. The implementation is written in the Java programming language and it has been tested. The result of black-box testing shows that all outputs exactly match what is expected. The white-box testing shows that the obtained error density values were 11.67, 7.54 and 8.29 with a project size of less than 16000 lines of code.