The International Arab Journal of Information Technology (IAJIT)


A Transaction Security Accountability Protocol for Electronic Health Systems

Over the last two decades, the term “electronic health (e-health) systems” has been mentioned extensively in the healthcare industry, with the aim of replacing paper usage and increasing productivity. Unfortunately, these systems are still not widely used by healthcare professionals and patients because of concerns about security and accountability. In this article, we propose an accountability transaction protocol to overcome all security issues in implementing electronic health systems. To validate the proposed protocol, we used both Automated Validation of Internet Security Protocols and Applications (AVISPA) and Scyther as tools to prove its soundness.

Chian Techapanupreeda received a bachelor’s degree in business administration from Saint John University, Thailand, in 1993; a Master of Science (MS) in Computer Information Management from Assumption University, Thailand, in 1997; and the Ph.D. degree in Information Technology from Mahanakorn University of Technology, Thailand, in 2019. His research interests include cryptography, network security, wireless networks, and mobile computing and applications.

Ekarat Rattagan received the Bachelor of Architecture (B.Arch) from Chulalongkorn University, in 1999, the MS degree in Information Technology from King Mongkut's University of Technology Thonburi (KMUTT), Bangkok, Thailand, in 2003, and the Ph.D. degree in Electrical Engineering and Computer Science from National Chiao Tung University, Hsinchu, Taiwan, in 2016. He is currently a lecturer in the Graduate School of Applied Statistics, National Institute of Development Administration, Bangkok, Thailand. His research interests include Data Analytics and Data Sciences.

Werasak Kurutach received a BE (2nd Class Honors) in Electrical Engineering from King Mongkut's Institute of Technology, Ladkrabang, Thailand, in 1985; a ME in Computer Science from Asian Institute of Technology, Thailand, in 1987; and a PhD in Computer Science and Engineering from The University of New South Wales, Australia, in 1995. Currently, he is an Associate Professor in the Department of Information Technology, Mahanakorn University of Technology, Thailand. His research interests include data mining, uncertain and temporal data management, image processing and machine learning.