Securing a Web-Based Hospital Management System Using a Combination of AES and HMAC

Abstract

The demand for a secured web storage system is increasing daily for its reliability which ensures data privacy and confidentiality. The proposed paper aims to find the most secure ways to maintain integrity and protect privacy and security in healthcare management systems. The Advanced Encryption Standard (AES) algorithm is used to encrypt data transferred by providing a means to check the integrity of information transmitted and make it more immune to cyberattack techniques, this was implemented by using Keyed-Hash Message Authentication Code (HMAC) and Secured Hash Algorithm-256 (SHA-256). The risk of exposure to attackers can be avoided by using honeypot systems combined with Intrusion detection systems (IDSs) as a firewall system is not effective against such attacks alone. The experimental results evaluate the proposed security health information management system by comparing the performance of the encryption algorithm based on encryption time, memory and CPU usage, and entropy for different plaintext lengths. In addition, it can be seen that when changing the AES key size, more memory and time are required the longer the key size is used. The 128 bits AES key is therefore advised if the system must operate in hard real-time.