Securing Communication on the World-wide Web: Encryption Methods and Digital Signatures

From Clinfowiki
Revision as of 17:09, 25 November 2008 by DeanSittg (Talk | contribs)

Jump to: navigation, search

Communication on the WWW: Encryption Methods and Digital Signatures

With the increased adoption of EHRs and health information exchange (HIE) over the internet and HIPAA regulations, patients and physicians alike are concerned about PHI becoming public either inadvertently or maliciously. Patient attitudes about EHR access and the use of the internet for various communications have been described [1-3]. Physicians have reported concern over inappropriate disclosure of patient information and illegal/unauthorized tampering with records as a barrier to EHR implementation. [4]

Local security rules should limit access to those with proper authorization and privileges to create, modify and send PHI. Because PHI transmitted over the web must remain private under all circumstances and PHI exchanged between health care organizations must be authenticated, measures to encrypt and guarantee authenticity must be taken. This is accomplished by data encryption and digital signatures.

Data encryption mathematically manipulates the plaintext message using algorithms and keys to manipulate data into an unrecognizable form called cyphertext. The amount of security needed is determined in part by the length of time that the message must remain secret. The longer the key length (i.e. the more bits), the harder it is to break the encryption. For example, a message encrypted using a 56- bit key was broken in 23 hours by trying every possible combination using hundreds of thousands of personal computers. It would take an estimated 2000 years to break a 128-bit key encryption. [5, p. 388] Data encryption can be used to safely transmit data on the web. Once received, the message is decoded using the algorithm and the key back into its plaintext.

Symmetric encryption refers to the process of using the same key to encrypt and decrypt the message. There is a computational economy by using the same key. The disadvantage of this process is that the key must be kept private and shared only with the person to whom the message is intended. This requires an exchange to occur that ensures the key privacy. A second form of encryption is called asymmetric encryption. This involves the exchange of information using two separate keys, one of which is private and the other which is publically known. The public key is available through the public key infrastructure (PKI), a server that stores and makes available public keys. The keys are the inverse to each other, determined by mathematical manipulation of the product of two large prime numbers, and up to 2048 bits.

In asymmetric encryption, the sender encrypts the message with an algorithm using the public key of the recipient. The forwarded message is decrypted using the private key of the recipient, which is known only to the recipient. The advantage of this method is that there is no need to exchange a secret key as in symmetric encryption. The disadvantage is the large computational burden of asymmetric encryption.

Digital signing is the process of verifying that the message is actually from the person claiming to have sent the message. To digitally sign a message, the message is first encrypted using the public key of the recipient. The encrypted message is then manipulated using an algorithm and a 160-bit key (the hash) that converts the message into another number called the hash digest. The hash digest is a unique message that 1) is irreversible, and knowing the hash (key), cannot be used to determine the original encrypted message, and 2) is uniquely produced based upon the original encrypted message. The hash digest is then encrypted using the private key of the sender. Both the original encrypted message and the encrypted hash digest are sent.

When the message is received, the recipient performs two functions: 1) the decryption of the encrypted hash digest using the public key of the sender, revealing the senders unencrypted hash digest, and 2) using the hash, recalculate the hash digest using the encrypted original message. The decrypted hash digest and the newly calculated hash digest using the encrypted message should match. If the original encrypted message were intercepted and altered, the hash digests would not match since the sender calculated the hash digest and sent it based upon the original message and the recipient calculated the hash digest using the same encrypted message.

Because asymmetric encryption requires longer computational time compared to symmetric encryption, asymmetric encryption is frequently used to exchange a secret session key, and the secret session key is used in a symmetrical encryption exchange. [5-7]

Given the complexity of the encryption algorithms and the size of the keys, it would be unlikely that any PHI would be obtained, provided the necessary business processes are established for communication on the web.

1. Katsikas, S., Lopez, J., and Pernul, G. (2008) The Challenge for Security and Privacy Services in Distributed Health Settings, in eHealth: Combining Health Telematics, Biomedical Engineering and Bioinformatics to the Edge, Edited by B.Blobel, P. Pharow & M. Nerlich, IOS Press

2. Hassol, A. et al. (2004). Patient Experiences and Attitudes about Access to a Patient Electronic Health Care Record and Linked Web Messaging. JAMIA , II (6), 505-513.

3. Whiddett, R. H. (2006). Patients' Attitudes Towards Sharing Their Health Information. International Journal of Medical Informatics , 75, p.530-541.

4. DesRoches, C. M. (2008). Electronic Health Records in Ambulatory Care-A National Survey of Physicians. New England Journal of Medicine , 50-60.

5. Van Slyke, C. &. (2003). In E-Business Technologies Supporting the Net-Enhanced Organization (pp. 385-389;422-429). John Wiley & Sons, Inc.

6. Bionic Buffalo Corporation. (1999). Retrieved Nov 10, 2008, from www.tatanka.com: http://www.tatanka.com/document/technote/tn0035.pdf

7. (2003). The Security Component. In R. Van de Velde, & P. Degoulet, Clinical Information Systems A component Based Approach (pp. 173-190). New York: Springer-Verlag.


--TBlehl 14:26, 24 November 2008 (CST)