Secure Collaborative Mobile Platform for Transmission and Archival of Medical Images

Abstract

Compromising security of sensitive medical data often lead to severe consequences such as death of a patient or financial loses to health workers. This becomes worse when we share electronic medical data among a large community through a public network; especially in a mobile environment. In this paper, we present the design and the implementation of a secure mechanism for authentication and integrity verification based on a novel, robust, and efficient public key cryptography method called Elliptic Curve Cryptography (ECC) to an Android based collaborative medical imaging application. Customized digital certificate system based on ECC is implemented to authenticate the stakeholders of the system. The Elliptic Curve Digital Signature Algorithm implemented in Spongy Castel library together with Secure Hash Algorithm (SHA)-256 hashing is used to sign the message and verify the integrity. Besides, Advanced Encryption Standard (AES) with 256 bits key size is used to impose the confidentiality of the message. A benchmark mobile application is developed to test run times of different algorithms, curves and key sizes to find the optimal configuration for a mobile device. Results indicate that AES and SHA sizes do not make any significant impact on the runtime but ECC does. Although the AES key generation time is 61.0 ?s, the Initial Vector (IV) generation time is high as 762.0 ?s. Moreover, the ECC sign time is less as 5 ms and the verification time is large as 200 ms. However, in all cases, the security increases when the key size increases. Though theoretically, ECC is much faster than the present RSA asymmetric encryption, practically it is not due to the unavailability of optimized libraries. However, due to less computation and space requirement of ECC compared to other public key cryptography methods, the proposed method is well suited for mobile devices.