Abstract

In this study, we implemented an integrated security solution with Spring Security and the Keycloak open-access platform (SSK) to secure data collection and exchange over microservice architecture application programming interfaces (APIs). The adopted solution implemented the following security features: open authorization, multi-factor authentication, identity brokering, and user management to safeguard microservice APIs. Then, we extended the security solution with a virtual private network (VPN), Blowfish and crypt (Bcrypt) hashing, an encryption method, API keys, a network firewall, and secure socket layer (SSL) to build up a digital infrastructure. To accomplish and describe the adopted SSK solution, we utilized a web engineering security method. As a case study, we designed and developed an electronic health coaching (eCoach) prototype system and hosted the system in the expanded digital secure infrastructure to collect and exchange personal health data over microservice APIs. We further described our adopted security solution’s procedural, technical, and practical considerations. We validated our SSK solution implementation by theoretical evaluation and experimental testing. We compared the test outcomes with related studies qualitatively to determine the efficacy of the hybrid security solution in digital infrastructure. The SSK implementation and configuration in the eCoach prototype system effectively secured its microservice APIs from attack in all the considered scenarios with 100% accuracy. The developed digital infrastructure with the SSK solution efficiently sustained a load of approximately 300 concurrent users. In addition, we performed a qualitative comparison among the following security solutions: Spring-based security, Keycloak-based security, and their combination (our utilized hybrid security solution), where SSK showed a promising outcome.

Highlights

  • Security in the healthcare system has been an emerging trend for the past few years

  • This study has focused on the security of the Microservice Architecture (MSA) application programming interfaces (APIs) and concentrated on penetration testing for network environments

  • Experiments related to CSRF, XSS, Clickjacking, content sniffing, and brute force were conducted with Mockito, Keycloak UI, and Postman


Summary

Introduction

Security in the healthcare system has been an emerging trend for the past few years. It denotes the interconnection of communication-enabled medical-grade devices (e.g., wearable and non-wearable), web services, and software applications, and their integration with wider-scale health systems and services to improve patients’ wellbeing [1,2]. The vital security terms identified from existing studies (see Table 1) are grouped into the following four categories for use in this study: authentication (multi-factor, form-based, bearer token, and API key), authorization (Open Authorization (OAuth2), Open Identifier (OpenID), and Cross-Origin Resource Sharing (CORS)), encryption (digital certificate, Hypertext Transfer Protocol Secure (HTTPS), Rivest–Shamir–Adleman (RSA), Bcrypt, Secure Hash Algorithm (SHA)-256, and Message-Digest algorithm (MD5)), and external security threats (Cross-Site Request Forgery (CSRF), MITM, Cross-site scripting (XSS), brute force, DoS, DDoS, and IP spoofing).

