Implementation and Evaluation of a Federated and Secure Cloud-based Electronic Health Care Infrastructure Biraj Prajapati Submitted in partial fulfilment of the requirements of Edinburgh Napier University for the Degree of Bachelor of Engineering with Honours in Computer Systems and Networks School of Computing April 2014

Upload: biraj-prajapati

Post on 07-Aug-2015


Implementation and Evaluation of a Federated and Secure Cloud-based Electronic Health Care Infrastructure

Biraj Prajapati

Submitted in partial fulfilment of the requirements of Edinburgh Napier University for the Degree of Bachelor of Engineering with Honours in Computer Systems and Networks

School of Computing

April 2014

Supervisor: Prof. William Buchanan

Second Marker: Mr. Richard Macfarlane


40062051 SOC10101

Authorship Declaration

I, Biraj Prajapati, confirm that this dissertation and the work presented in it are my own achievement.

Where I have consulted the published work of others this is always clearly attributed;

Where I have quoted from the work of others the source is always given. With the exception of such quotations this dissertation is entirely my own work;

I have acknowledged all main sources of help;

If my research follows on from previous work or is part of a larger collaborative research project I have made clear exactly what was done by others and what I have contributed myself;

I have read and understand the penalties associated with Academic Misconduct.

I also confirm that I have obtained informed consent from all people I have involved in the work in this dissertation following the School's ethical guidelines

Signed:

Date:

Matriculation no: 40062051

B. Prajapati - BEng (Hons) Computer Systems and Networks


Acknowledgement

Firstly, I would like to thank Prof. Bill Buchanan for providing me an opportunity to carry out this project along with all the guidance and support he has provided me throughout the year.

I would also like to thank Richard Macfarlane for being my second marker. Additionally, I would like to thank Owen Lo and Alistair Lawson for their support during the initial stages of the project.

Finally, I would like to thank my family and friends for their support.


Data Protection Declaration

Under the 1998 Data Protection Act, The University cannot disclose your grade to an unauthorized person. However, other students benefit from studying dissertations that have their grades attached.

Please sign your name below one of the following options to state your preference.

The University may make this dissertation, with indicative grade, available to others.

The University may make this dissertation available to others, but the grade may not be disclosed.

The University may not make this dissertation available to others.


Contents

Authorship Declaration
Acknowledgement
Data Protection Declaration
Abstract

1 Introduction
1.1 Project Overview
1.2 Background
1.3 Aim and Objectives
1.4 Dissertation Structure

2 Literature Review
2.1 Introduction
2.2 Cloud Computing
2.3 E-Health
2.3.1 E-Health System (General Requirements)
2.3.2 Importance of E-Health
2.3.3 Current State of E-Health
2.3.4 E-Health Frameworks
2.3.5 Diabetes management system
2.4 Identity management
2.4.1 Identity Provisioning and de-provisioning
2.4.2 Authentication
2.5 Federated Identity Management
2.5.1 Benefits and current state
2.5.2 Existing Federations
2.5.3 Federated Identity Authentication Protocols
2.5.4 Trust in Identity management system
2.6 Access Control
2.6.1 PERMIS
2.6.2 XACML
2.6.3 EPAL
2.7 Security and cryptography
2.7.1 Symmetric Key Encryption
2.7.2 Asymmetric key Encryption
2.7.3 One Way Hash
2.8 Ethics and Laws
2.9 Conclusions

3 Design
3.1 Introduction
3.2 Initial Setup
3.3 Tools and Language
3.4 Web Interface Design
3.4.1 ASP.NET MVC
3.5 External ID Providers
3.6 Database Design
3.7 Security and Cryptography
3.8 Cloud Storage
3.9 Final design
3.10 Conclusion

4 Implementation
4.1 Introduction
4.2 Connecting External Providers
4.2.1 Facebook
4.2.2 Google
4.2.3 Twitter
4.2.4 Microsoft
4.3 Data Simulation
4.3.1 General Data
4.3.2 Medical Data
4.4 Database Encryption
4.4.1 AES Encryption
4.4.2 DES Encryption
4.5 Key Management
4.5.1 LM/NTLM
4.5.2 MD5
4.5.3 SHA1
4.5.4 Password Based Cryptography Service (PBCS)
4.6 Web Server
4.6.1 Integrating External ID Providers
4.6.2 Database
4.7 Name Spaces used
4.8 Conclusion

5 Evaluation
5.1 Introduction
5.2 Experiments
5.2.1 External ID Providers
5.2.2 Hashing Algorithms
5.2.3 Comparing AES and DES
5.2.4 Stress Test
5.3 Conclusion

6 Analysis
6.1 Introduction
6.2 Comparing External ID providers
6.3 Comparing Hashing Algorithm
6.4 Comparing AES and DES
6.5 Load Test Results
6.6 Trust in External ID providers
6.7 Choice of Encryption Methodologies
6.8 Number of Cloud instances
6.9 Conclusions

7 Conclusion
7.1 Introduction
7.2 Meeting the Objectives
7.2.1 Objective 1
7.2.2 Objective 2
7.2.3 Objective 3
7.3 Critical Analysis
7.4 Reflection
7.5 Future Works

8 References

Appendix 1 Initial Project Overview
Appendix 2 Report on IPO
Appendix 3 Interim Report
Appendix 4 Diary Sheet
Appendix 5 Source Code

List of Tables

Table 1: Comparison between cloud service providers (Rimal, et al., 2009)
Table 2: Benefit categories from a user and business perspective (Jensen, 2011)
Table 3: Diabetes Parameters
Table 4: Specification of web server
Table 5: NameSpaces Used
Table 6: Info provided by external users

List of Figures

Figure 1: Security elements for cloud computing system (Lonea, et al., 2013)
Figure 2: Handling an emergency situation in normal condition (Oladimeji, et al., 2011)
Figure 3: Utilization of E-Health care system to handle emergency conditions (Oladimeji, et al., 2011)
Figure 4: Overview of Liberty Alliance Architecture (Madsen, et al., 2005, November)
Figure 5: Sequence flow in single sign-on processes (Madsen, et al., 2005, November)
Figure 6: OAuth authorization steps extracted from (Hardt, 2012)
Figure 7: XACML policy structure (Sanchez, et al., 2008)
Figure 8: XACML trust authorization architecture (Mbanaso, et al., 2006)
Figure 9: Initial e-health design
Figure 10: MVC Working structure (BeanSoftware, 2014)
Figure 11: General Database Parameters
Figure 12: Medical Database Parameters
Figure 13: Overall design of the system
Figure 14: MVC Project initiation
Figure 15: Settings used in Development server
Figure 16: Registering app in Facebook
Figure 17: Registering app in Google
Figure 18: Registering app in Twitter
Figure 19: Registering app in Microsoft
Figure 20: Settings used for general database
Figure 21: Database with general information
Figure 22: Settings used in medical database
Figure 23: Medical Database
Figure 24: AES encrypted database
Figure 25: DES encrypted database
Figure 26: User Login screen
Figure 27: Entity framework model
Figure 28: Home screen after authenticating user
Figure 29: Using Rainbow table in Ophcrack
Figure 30: Using John the Ripper
Figure 31: Using Hashcat
Figure 32: Using BlazeMeter to create simulation of users
Figure 33: Graph comparing Latency for external ID providers
Figure 34: Time taken to crack hash
Figure 35: Disk usage
Figure 36: Comparison of latency for different encryption method
Figure 37: Footprints through web server in Microsoft Azure
Figure 38: Status of the website in network monitor tool
Figure 39: Monitoring the website
Figure 40: Analysing trust in id providers

Abstract

The revolution of cloud computing has opened up a wide scope for the use of information technology in a variety of areas of society. The economic market has been utilizing information technology services for some time now. However, technology has had little influence on the health sector. In recent times, though, the use of IT in the health sector has been garnering a lot of attention. Due to the growth in technology, the general public are using computers and the internet more often in relation to health care. Moreover, the inexpensiveness of data storage in the modern era has encouraged both the general public and health care professionals to utilize these services and store medical data electronically. However, not everyone has the confidence to use computers and IT for health care purposes. This is due to the insecurity and threats that the computer industry, in general, faces from many adversaries.

The aim of this project is to propose a health care system that is mainly aimed at giving patients control over their own medical records and data. The challenges faced by e-health systems that could thwart the use of IT in health care are discussed in this dissertation. The future generation technologies that can be used in an e-health system have been reviewed and taken into consideration while designing the overall e-health system. A review of user privacy and data security in e-health systems has also been performed, and it is concluded that data security and user privacy have to be given greater priority when designing the e-health system.

A prototype of an e-health system, which is capable of authenticating the users of an e-health system and controlling their data, is proposed. The security of the data stored in the cloud environment has also been considered while creating the prototype. The overall system is created in Visual Studio 2013, using the web development framework ASP.NET MVC 5 and Microsoft .NET C#. The application is deployed in the Microsoft Azure cloud, which also stores the data that is simulated for the purpose of evaluating the overall system. The data stored in the cloud is encrypted using symmetric key encryption, whereas the keys used to encrypt the data are stored in the local database using different hashing algorithms.

The evaluation of the overall e-health structure, in terms of security and privacy, is performed using console programs written in C#, offline attack tools in Kali Linux such as Ophcrack, John the Ripper and Hashcat, and external load creation and testing tools such as BlazeMeter, JMeter and PRTG Network Monitor.

After evaluating different aspects of the designed e-health system, the results are analysed. Trust is a major factor that needs to be considered if single sign-on and federated identity management are to be utilized in the e-health system, and it is concluded that the social providers, mainly Facebook, shouldn’t be trusted in terms of data privacy and security. It is found that Facebook gives out all the user information, whereas Google and Twitter, although not as bad as Facebook, shouldn’t be trusted either. Similarly, the importance of data encryption in e-health is also stressed, and it is concluded that AES is better than DES in terms of security and throughput, and in the condition independent scenario, AES is better than DES in terms of latency too. It is also concluded that key management is an important aspect of e-health, so special attention should be given to it. The use of a one-way hash to encrypt the key is not a great practice, as it is concluded that the hashes can be cracked in very little time by a powerful computer. Moreover, the use of a salt along with the hash is suggested, as it makes it more difficult for hackers to crack the passwords through the hash.


This dissertation concludes that the prototype e-health system designed in this project is capable of authenticating a user to take control of their own data. However, the encryption of the keys used to encrypt the data, and the overall key management strategy, are identified as the major limitation of this e-health system. Moreover, the use of social login providers as external ID providers can also be questioned in terms of user privacy. This dissertation concludes by reflecting on the areas of e-health systems that need to be researched and studied in future, before they are implemented for use by the general public.


1 Introduction

1.1 Project Overview

In the modern era, technology has a massive influence on how we live our lives. Hall (2012) states in his book that the human race believes it has control over technology; however, it is the other way around (Hall, 2012). The evolution of the internet and the rise of cloud computing have proven to be a revolution in the field of sharing information. This evolution has also made a massive impact on health care systems across the world.

The aim of this project is to produce a web application that provides secure authentication and authorisation on a cloud-based e-health system for diabetic patients. The user interface is designed by taking the strengths of the frameworks proposed by previous research, in order to produce the next generation authentication infrastructure. The implementation was carried out using ASP.NET MVC 5 and Microsoft .NET C#, and the application was deployed on the Microsoft Azure cloud. The web application is used to evaluate the effectiveness, performance and security of the different methodologies and approaches that were taken into consideration.

1.2 Background

The number of people who are diagnosed with diabetes mellitus is increasing dramatically all over the world. This has increased the need for an efficient system that can be used in diabetes management. Diabetes is a metabolic disorder that is mainly characterized by hyperglycemia (high blood sugar) because of defects in the response to insulin (Spanakis, et al., 2012). Diabetes UK defines diabetes as follows: “Diabetes is a condition where the amount of glucose in your blood is too high because the body cannot use it properly” (DiabetesUk, 2015). This disease has two main forms: Type 1 and Type 2.

Type 1: It is mainly characterised by diminished insulin production due to the loss of beta cells in the pancreatic islets of Langerhans. The loss of beta cells is mostly caused by immune-mediated cell destruction. This disease can be managed by administering insulin along with blood glucose monitoring (Spanakis, et al., 2012).

Type 2: It is mainly characterised by an increase in the basal insulin secretion rate, which causes progressive insulin resistance. This eventually results in the beta cells not being able to produce enough insulin, so type 2 becomes similar to type 1 (Spanakis, et al., 2012).

According to Inzucchi, et al. (2012), glycemic management in diabetes has become very complex and concerning, and there is a great need for management of hyperglycemia. Hyperglycemia is a term for high blood sugar. Thus there is a need for a diabetes management system that is more centred on the patients, where the patients have control over their own data.

Recent years have seen a massive increase in the use of technology in the health sector. According to a survey in 1999, 74% of US internet users searched for health and medical information online, whereas 63% of internet users searched for general and preventive health information (Ball & Lillis, 2001). A survey shows that more than 90% of general practitioners in the UK make use of cloud computing to maintain the patient’s health record (Jha, et al., 2008). However, the same survey claims that the usage of computers in hospitals is not very common, with only an estimated 7.7% of hospitals in the UK having the full electronic clinical results (Jha, et al., 2008). These figures for the usage of health care systems are relatively low in comparison to the rate at which technology has risen in the past few years. There are lots of challenges involved with e-health.

This paper will look into the factors that affect the use of e-health, propose a patient centric e-health platform that can be used by diabetic patients as a diabetes management system, with simulated patients’ data stored in the cloud, and evaluate the security of that e-health platform in terms of different metrics.

1.3 Aim and Objectives

The overall aim of this project is to produce a framework that is capable of authenticating and authorising the e-health users, mostly diabetic, so that they have access and control over their own data. To meet this aim, the following objectives must be met:

1. Produce a literature review on authentication measures for e-health system over the cloud, focusing on federated identity management system, authorisation measures, access control and data security.

2. Design and implement a user interface for users to authenticate themselves to get the access to the resources in the application.

3. Evaluate effectiveness and performance of the application by simulating a certain number of users to consume services simultaneously. Also evaluate the vulnerability and data security of the user data by performing white box pen testing.

1.4 Dissertation Structure

This Dissertation is divided into six main chapters. They are:

Chapter 1 INTRODUCTION: This chapter gives the overall project overview and background in e-health and diabetic management system. This chapter also provides the information about the main aim and objectives of this project, along with the dissertation structure.

Chapter 2 LITERATURE REVIEW: This chapter discusses cloud computing and its evolution, along with the revolution of e-health systems and their requirements. It focuses on authentication measures in e-health systems by analysing previously proposed and existing e-health frameworks. This chapter provides the basis for shaping the overall project by analyzing and bringing together the important components of an e-health system.

Chapter 3 DESIGN: Based on the outcomes from literature review, this chapter introduces a design of the interface that provides an authentication and authorization to the e-health users.

Chapter 4 IMPLEMENTATION: This chapter outlines all the steps taken to create the user interface and the data structure that together form a complete e-health structure. It also contains code snippets and screenshots to demonstrate the functionality and the process followed to build the system.

Chapter 5 EVALUATION: This chapter uses the system built in the implementation chapter to evaluate different aspects of an e-health care system. To carry out the evaluation, many different programs were written, and some external tools were also used. The experiments and results are explained in detail and were then used to produce an in-depth analysis.


Chapter 6 ANALYSIS: This chapter extracts the results of the experiments in the evaluation chapter and analyses them in terms of different parameters. It also compares the achieved results with those achieved previously in the research discussed in the literature review.

Chapter 7 CONCLUSION: This chapter reflects on the achievement and success of the project by providing the critical analysis of this project. This chapter also gives a self-reflection with detail on the difficulties faced during the course of the project explaining solutions and the skills learned through this project. Finally it ends with the tasks that could be carried out in future that can benefit the field of e-health.


2 Literature Review

2.1 Introduction

This chapter provides the background to and an understanding of e-health and its overall structure. It starts by giving the background to cloud computing and its current state (Section 2.2), and gradually turns its focus to e-health, its importance, current state and existing frameworks, and gives a background on diabetes management systems (Section 2.3). Different identity management systems and details on federated identity management systems (Section 2.4 and Section 2.5) follow thereafter, giving an understanding of authentication measures and providing information on the current federations that exist for the purpose of authentication through single sign-on. This chapter also focuses on different authorisation policies (Section 2.7) and data encryption measures (Section 2.7) that are used to safeguard the data and resources from unwanted visitors. It also provides an overview of laws and ethics related to health care systems (Section 2.8) and finally concludes (Section 2.9) with the main findings that could be utilised to design the user interface for e-health users.

2.2 Cloud Computing

Reliability, cost efficiency and easy accessibility have made the internet a powerful computing platform in recent years. With the help of the internet, data access has been moving away from traditional methods towards more advanced ones, making data accessible from any place that has broadband access. This paradigm of the computing world is known as cloud computing (Bertino, et al., 2009). The National Institute of Standards and Technology (NIST) has defined cloud computing as “a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction” (Mell & Grance, 2011). In other words, cloud computing provides us with a platform to access not only data, but also software, services and infrastructures from anywhere in the world.

Cloud computing is very popular amongst a huge number of business organizations and home users. A recent statistic from Eurostat shows that 46% of business firms made use of advanced cloud services in relation to financial software applications, customer relation management or running the business in 2014 (Anon., 2014). Another study has shown that 60% of businesses have utilized a cloud computing platform to perform IT operations (Anon., n.d.). Another study also shows that there was growth of nearly 16% in users utilising the online services provided by retailers in 2014 (Anon., n.d.). There are many reasons behind the popularity of cloud computing. Some of them are listed below:

Scalability: Cloud computing makes it easier for small firms to make use of the infrastructures which scales over several data centers (Grossman, 2009).

Simplicity: Cloud computing has saved complication involved in distributed computing by making the use of APIs to provide application and storage services (Grossman, 2009).


Cost efficiency: Cloud computing provides businesses the required infrastructures and resources in low cost (Grossman, 2009).

According to NIST, a cloud computing model is mainly composed of the following five essential characteristics (Mell & Grance, 2011):

On demand self-service: A consumer is able to utilize the computing facilities as per their requirement without the need of human interaction with each cloud service provider.

Broad network access: There is the availability of computing facilities over the network and accessibility through the standard mechanism, which promotes the use of cloud over many platforms ranging from mobile phones to workstations.

Resource pooling: In cloud computing, the service provider’s computer resources are pooled in order to facilitate multiple consumers with different resources dynamically, using a multi-tenant model. This model makes sure that the consumer has no knowledge about the location of the service providers.

Rapid elasticity: The computing facilities can be elastically provisioned and released to scale with demand. The facilities are mostly available without limit and can be provisioned at any time.

Measured service: There is an automatic control and optimization of the resource by cloud system. Usage of the resources can be monitored and controlled by providing transparency for all the parties.

The flexibility and huge number of utilities have also added to the popularity and massive usage of cloud computing. Many private and public organizations can use cloud computing for many purposes, as it has lots to offer. All the services that are provided by cloud computing are delivered in the real time where there is internet availability. Most of the services that are offered by cloud computing can be categorized into following:

Software as a service (SAAS): SAAS, which is commonly known as an Application Service Provider (ASP) model, is a multi-tenant platform which utilizes the object code of an application and the underlying database to serve multiple consumers simultaneously (Rimal, et al., 2009). In this model of cloud, users rent the software for a subscription fee instead of buying it, hence the software is updated centrally, releasing users from having to worry about versioning issues (Dahbur, et al., 2011). Some of the cloud providers that provide SAAS are Google Docs, salesforce.com etc.

Platform as a service (PAAS): Cloud computing provides a platform for developers to develop, test, deploy and host sophisticated web applications via the concept of platform as a service (Rimal, et al., 2009). The applications and services developed over the cloud can be utilized by third parties. This model of cloud has become very popular recently, since small and startup companies can develop and deploy their own applications without having to worry about acquiring servers (Dahbur, et al., 2011). Google’s App Engine, Microsoft’s Azure platform etc. are some examples of cloud providers that provide PAAS.

Infrastructure as a service (IAAS): Cloud computing delivers the latest computer infrastructure as a service to customers, which they can consume according to their needs. This service is highly flexible and quickly deliverable (Rimal, et al., 2009). Amazon.com and S2 are some of the cloud providers that provide IAAS.


Hardware as a service (HAAS): Cloud provides the enterprises and organisations with the virtual hardware and data centers, which saves them having to invest and manage new hardware (Rimal, et al., 2009).

In the current market, there are many organizations that provide cloud services to consumers depending on their needs and the scale of the business. Amazon cloud, Microsoft Azure and Sun cloud are a few of them. Every cloud service provider has its own strengths and supported frameworks. The following table compares some of the most popular cloud service providers in terms of their features, security, storage and service provided.

| Feature | Google App Engine | Microsoft Azure | SunCloud | Amazon Web Service | Force.com |
| --- | --- | --- | --- | --- | --- |
| Computer Architecture | Google’s geo-distributed architecture | Provision of an OS and developer services which combines to provide a cloud service platform to be hosted in Microsoft data centers | Solaris OS | Allows uploading of XEN virtual machine images and has the feature of client APIs. | Multitenant architecture that has metadata driven development model. |
| Service | PAAS | PAAS | PAAS | IaaS, Xen images | SAAS confined to API |
| Load balancing | Automatic load balancing | Built in hardware load balancing | Possibility of hardware balancers outperform software balancers | Allows users to balance incoming traffic across multiple EC2 instance | Load balancing among tenants |
| Fault Tolerance | App-engine cron service | In event of failure, services automatically begins using another replica | Schedules the service request and failover occurs if node fails | Automatically alerts failover and change over to last known state. | Self management and tuning |
| Storage | Proprietary database | SQL server data services (SSDS) | MySQL’s row-based replica | Simple storage service | Force.com database |
| Security | Google secure data connector | Creation of SAML token in accordance with security token service | User-provisioning and meta directory solution | Type II | sysTrust SAS 70 Type II |
| Programming framework | MapReduce programming framework to support python and JAVA | Microsoft.net | Solaris OS, Java, C, C++, Python, Ruby | Amazon machine image (AMI), Amazon Mapreduce framework | .NET, C#, Apache |

Table 1: comparison between cloud service providers (Rimal, et al., 2009)

With all its benefits and utilities, there are still great risks involved in using cloud computing and its services, and these act as a barrier for many organizations that are looking to make use of cloud computing. There have been multiple cases where leading cloud providers have suffered from data loss or deferral of services. In 2009, salesforce.com had more than 900,000 subscribers locked out of the cloud computing (CC) applications, resulting in a great impact on the subscribed businesses, whereas in September the same year, in another incident, almost 800,000 users of a smart phone, “Sidekick”, did not have access to their data, which was stored on servers owned by Microsoft. This was regarded as the biggest adversity in cloud computing at that time (Dahbur, et al., 2011). Grobauer, et al. (2011), in their paper, have discussed some of the key vulnerabilities that might have an effect on consumers of cloud computing. They are listed as follows (Grobauer, et al., 2011):

Unauthorised access to management interface: The management interface, which is used to manage the users of cloud services, is relatively vulnerable to intruders, which may result in unauthorised access to the portal.

Internet protocol vulnerabilities: Since cloud services are accessible via the internet, they are always vulnerable to internet attacks such as man-in-the-middle attacks.

Data recovery vulnerability: The resources that are available to one user might be reallocated to a different user in order to serve all users, which creates a possibility of recovering data that had been written or stored by previous users.

Metering and billing evasion: Cloud service providers meter the data in order to provide optimized service delivery; however, there might be billing data manipulation and billing evasion as a result of that (Grobauer, et al., 2011).

According to Lonea, et al. (2013), the security of a cloud system is mainly based on good management of three sections which can be seen in figure 1.

In spite of all these vulnerabilities and risks, cloud computing and its facilities are currently being utilized by millions of retail and financial organizations. Most retail organizations offer their customers online purchase services using the PAAS service provided by cloud computing. However, it is not only retail and financial organizations that are benefitting from moving their businesses to a cloud environment. Education establishments are continually looking for opportunities to downsize their resources by utilizing the data storage service provided by cloud servers (Sultan, 2010). Health care is another field that has been making use of the cloud environment for the storage and sharing of data. There has been a quick escalation in the use of IT in the health sector since the development of the first telemedicine application in the 1960s (Dansky, et al., 2006).


Figure 1: Security elements for cloud computing system (Lonea, et al., 2013)

2.3 E-Health

In order to improve the quality of health care and widen its accessibility, health care providers are consistently looking to inject information and communication technology into the traditional health care system (Mair, et al., 2012). This whole process can be defined as e-health. The World Health Organization (WHO) has defined E-Health as “the use of information and communications technologies (ICT) in support of health and health-related fields, including health-care, health surveillance, health literature, and health education, knowledge and research” (Blaya, et al., 2010). In other words, e-health can be defined as the use of information technology in order to make a progressive approach in the field of health care.

The past decade has seen steady growth in the study and research related to the implementation of e-health systems and their evaluation. A study has found that 56%-79% of internet users in the US seek health information over the internet (Andreassen, et al., 2007). Not just in the US, but people all around the world have started making great use of technology for their healthcare. Thus, national health authorities around the world, such as the English NHS, the German Telematic platform, the Danish sundhed.dk etc., have begun to focus on different e-health services such as electronic patient records, electronic health cards and electronic health portals (Andreassen, et al., 2007). Many innovative forms of electronic health care services have been evaluated over the past few years in order to analyse their benefits, costs and potential consequences. There are also certain requirements that an efficient and trustworthy e-health system should possess.

2.3.1 E-Health System (General Requirements)

Many surveys have been carried out around the world in relation to the requirements for the use of technologies in the medical field, and it was found that security and privacy are the two most important requirements. Thus, they play a vital role in the successful implementation of e-health and other medical technologies. A survey found that females and healthy adults require more security and privacy standards in comparison to males and ailing elderly people (Wilkowska & Ziefle, 2012). The data stored in an e-health system is very sensitive; thus, an e-health system should always have a proper security and privacy policy, because the disclosure of any of the patient’s data could have severe consequences. The leakage or disclosure of the data may also result in severe legal penalties to the health system providers for violating the privacy laws. The laws regarding the privacy of health data are discussed in section 2.9.

Eysenbach (2001), in his paper, has put together 10 e’s that characterize e-health. These 10 e’s can also be classed as requirements for an e-health system. According to Eysenbach (2001), e-health should be efficient, evidence based and equitable. It should enhance the quality of care and also follow patient-physician ethics. It should prioritise the education of health care workers via online sources and also enable the exchange of information in a uniform way. Finally, e-health should also encourage the relationship between patients and health professionals, resulting in the extension of the scope of health care beyond the conventional boundaries (Eysenbach, 2001).

Although the patient centric e-health system is the future of e-health, there are many challenges that need to be overcome if it is to be successfully implemented over the coming years (Ball & Lillis, 2001). It is not just the technical challenges that need to be overcome, but also support and awareness for patients, which would include consumer education, physician/consumer communication, administrative efficiencies, clinical decision support and disease management (Ball & Lillis, 2001).

Along with all these requirements, it is also necessary that an e-health system complies with the laws related to the sharing of medical data in the country. This would include the data protection act or a similar ethical act. The data protection and ethical acts are discussed in section 2.9.

Availability of e-health services at all times has also been cited as one of the major requirements of an e-health system by AbuKhousa, et al. (2012). In an emergency situation, the loss or unavailability of an e-health system could have severe consequences for a patient’s life; thus, it is necessary that the e-health system is available all the time (AbuKhousa, et al., 2012).

2.3.2 Importance of E-Health

Making good use of the latest technology in the field of health care can be beneficial to all the involved parties. Moreover, in many situations, an efficient health care system can save a person’s life. Oladimeji, et al. (2011), in their paper, have given a scenario where the use of technology in healthcare could save an individual’s life in an emergency situation.

Figure 2 outlines the steps that are taken normally when dealing with an emergency situation in health care field, whereas figure 3 shows the use of e-health system in dealing with the same emergency situation (Oladimeji, et al., 2011).

According to AbuKhousa, et al. (2012), an e-health system over the cloud has the following known benefits to a nation:

Better patient care

Reduced cost

Solution to resource scarcity

Better quality

Support research

Facilitate clinical trials

Facilitate forming registries

Support strategic planning


Figure 2: Handling an emergency situation in normal condition (Oladimeji, et al., 2011)


Figure 3: Utilization of E-Health care system to handle emergency conditions (Oladimeji, et al., 2011)

2.3.3 Current State of E-Health

The injection of IT in the field of health care has become progressively important to many countries around the world in recent years. As discussed in section 2.3.2, e-health has many advantages in terms of cost efficiency and improvement of personal health management. Thus, there has been a continuing effort around the world in order to implement some form of e-health system.

Hsu, et al. (2005) carried out a longitudinal and population-based evaluation of the use of e-health services in the Northern California region of the USA between 1999 and 2002, where over 3 million people utilised the e-health services provided by Kaiser Permanente-Northern California (KPNC), an integrated delivery system (IDS) for e-health services. Their study involved the members of the e-health service who used a web-based secure portal to request appointments with their doctors and order prescription drugs.

In order to utilize the service provided by KPNC, patients were required to register by requesting a password protected account through the website. When that request was received, the IDS delivered a letter containing a randomly generated PIN to the member’s home address; the member could then finalise the registration using the PIN and create a new personal password. This e-health system was mainly designed to make health records available to health workers, and the patients had no access to their health records at all. Although this study found an increase in the number of users of more than 8% in the span of 3 years, the model was limited to the interest of health workers and the patients had a minimal role in it (Hsu, et al., 2005). Thus it was concluded that a lot of research was required in order to safely implement an e-health care system for the general public.

The Canadian government began a plan to implement a national e-health system in 2001; however, when a qualitative study was performed on its progress after 10 years, it was lagging behind many European countries in terms of implementation of a national e-health care system, despite spending $1.6 billion. Lack of an e-health policy was cited as one of the major reasons behind the failure of this plan, along with some of the approaches (top-down) taken towards its implementation (Rozenblum, et al., 2011). Thus it was concluded that a bottom-up, regional first approach was required for a successful implementation of an e-health technology.

Countries such as Austria, Germany (German e-health card) and Taiwan (Taiwan electronic medical record template) are conducting many different works in relation to authentication and access control in an e-health system. In the case of the German e-health card, every citizen is provided with a smart card which contains general administrative information. The same card can be used to access medical information. Every smartcard contains cryptographic keys and functions in order to identify each patient uniquely. The Taiwan electronic medical record has a similar infrastructure based on smartcards; however, the Taiwanese model is more concentrated on easy information sharing (Lohr, et al., 2010).

Similarly, NHS Scotland currently has its own e-health programme (2014-2020) that mainly aims to inject information and related technology with the intention of improving the quality of patient care. The major strategic aims of this e-health programme include supporting citizens to communicate and interact with the NHS and manage their own health records, and improving the availability of the required information and tools for health workers in order to improve the quality of the health care service. This programme also aims to provide everyone with a digitally enabled information sharing solution, so that all citizens and healthcare workers are able to quickly access the information and required services, share important information appropriately with the appropriate people and understand the information that is being shared, along with having confidence in its integrity, security and quality. Apart from accessing, sharing and controlling the information, it was also pointed out that an e-health care system should be able to create an alert for people who are at risk. This programme is basically themed around placing people at the centre of health care and building partnerships between many health care bodies at local, regional and national level (Government, 2015).

At the current period though, health care systems of most developed countries face an uphill task to bring about improvement in the quality, efficiency, security and safety of citizens’ medical data.

2.3.4 E-Health Frameworks

As discussed in section 2.3.1, security and privacy of patients’ medical and personal information is a major concern in healthcare domains and there is a great need of extensive work in regards to the privacy and secure access to the patients’ records. There have been many works carried out in the past in relation to the patients’ data security and privacy in an e-health system.

Sharing of data is an important aspect of an e-health system. In an ideal e-health system, selected doctors or health care workers should be able to access patients’ data with the permission of the patient. Russello, et al. (2008), in their paper, have suggested a workflow-based access control framework. In their framework, they have used the notion of workflow to capture the tasks one has to perform as part of one’s duty, which helps to determine the required privilege. The model they propose is mostly based on the principle of granting the least privilege needed to carry out a job (Russello, et al., 2008). In other words, an entity can have access to a resource for a certain length of time, only to perform its job, and once the work is completed, the access is revoked. This model mainly follows the concept of role based access control for the health care system, with decisions being made on the basis of the job performed by the entity. Even though role based access control is considered the state of the art among access control mechanisms, this method is not flexible enough to cope with the demands that a health system or an e-health application presents at the current time.
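The task-scoped, time-limited grant described above can be sketched as follows. This is an added example, not code from Russello, et al. (2008) or from this dissertation; the class, task ids, user and patient names, and the 30 minute limit are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Grant:
    """Privilege that exists only because a workflow task is in progress."""
    user: str
    patient: str
    actions: frozenset
    expires: datetime


class WorkflowAccessControl:
    """Hypothetical helper: access is a side effect of an active task."""

    def __init__(self):
        self._grants = {}   # task_id -> Grant, one entry per active task
        self.audit = []     # (time, event, task_id) tuples for later review

    def start_task(self, task_id, user, patient, actions, now, max_duration):
        """Grant exactly the actions the task needs, bounded by a deadline."""
        if task_id in self._grants:
            raise ValueError(f"task {task_id} is already active")
        self._grants[task_id] = Grant(user, patient, frozenset(actions),
                                      now + max_duration)
        self.audit.append((now, "granted", task_id))

    def complete_task(self, task_id, now):
        """Finishing the task revokes the privilege immediately."""
        if self._grants.pop(task_id, None) is not None:
            self.audit.append((now, "revoked", task_id))

    def is_allowed(self, user, patient, action, now):
        """Default deny: allow only if a live task covers this exact request."""
        allowed = False
        for task_id, grant in list(self._grants.items()):
            if grant.expires <= now:
                # A task that was never closed must not leave access behind.
                del self._grants[task_id]
                self.audit.append((now, "expired", task_id))
            elif ((grant.user, grant.patient) == (user, patient)
                  and action in grant.actions):
                allowed = True
        return allowed


def demo():
    """Constructed scenario: a nurse records a reading for one patient."""
    t0 = datetime(2014, 4, 1, 9, 0, tzinfo=timezone.utc)
    limit = timedelta(minutes=30)
    wac = WorkflowAccessControl()
    r = {}
    r["before_task"] = wac.is_allowed("nurse_a", "patient_17", "read", t0)
    wac.start_task("T1", "nurse_a", "patient_17", {"read", "append"}, t0, limit)
    t1 = t0 + timedelta(minutes=5)
    r["during_task"] = wac.is_allowed("nurse_a", "patient_17", "append", t1)
    r["other_patient"] = wac.is_allowed("nurse_a", "patient_99", "read", t1)
    r["unneeded_action"] = wac.is_allowed("nurse_a", "patient_17", "delete", t1)
    wac.complete_task("T1", t0 + timedelta(minutes=10))
    r["after_completion"] = wac.is_allowed(
        "nurse_a", "patient_17", "read", t0 + timedelta(minutes=11))
    # Second task is started but never completed: the deadline removes it.
    wac.start_task("T2", "nurse_a", "patient_17", {"read"},
                   t0 + timedelta(hours=1), limit)
    r["after_timeout"] = wac.is_allowed(
        "nurse_a", "patient_17", "read", t0 + timedelta(hours=2))
    r["audit_events"] = [event for _, event, _ in wac.audit]
    return r


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The deadline matters as much as the explicit revocation: a task that is abandoned rather than completed would otherwise leave a standing privilege on the patient's record.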

Riedl, et al. (2008), in their paper, have introduced the pseudonymization of information for privacy in e-health (PIPE) architecture in order to integrate primary and secondary usage of health data in an e-health system. Pseudonymization is a procedure in which identification data is transformed into a specifier, which then replaces it. This architecture provides an advanced concept for authorization, data sharing and data recovery, which allows access to the medical records to be restored even when the patient’s security token is lost. Riedl, et al. (2008) claim that this concept could be used as a foundation for national electronic health record initiatives or even as an extension to any existing e-health application. It is also claimed that in this system patients are totally in control of their data, which has maximum security, achieved by the application of encryption. The use of different encryption keys to secure the database has also been proposed in this architecture, whereas the integrity of data is maintained by making use of Transport Layer Security or hash values (Riedl, et al., 2008).

Ford, et al. (2009) propose the Secure Anonymised Information Linkage (SAIL) Databank system to ensure secure data transportation and a reliable record matching method, in order to facilitate precise linkage of data across different medical datasets. This system complies with the Data Protection Act 1998 and makes use of encryption of the data in order to anonymise it and prevent the identification of individuals. This system also ensures that data access is performed in a controlled environment and is properly authorised. Moreover, this system also addresses the data disclosure risk in data views (Ford, et al., 2009).

The use of model-driven application level encryption has been proposed by Ding & Klein (2010) in order to maintain privacy in medical data. Their model is based on the application’s domain model, and generates the code and configuration artifacts needed to control the encryption logic in the health system and modify the database schema. The encryption is performed outside the database, and is thus called application level encryption, which allows flexibility in an e-health system. This model also gives special focus to key management, giving priority to where the key is stored and who has access to the keys. It is also argued in their paper that a randomly generated primary master key can be used to protect all the keys (Ding & Klein, 2010).

In order to provide authentication and authorization for users to consume the services provided by e-health services, Han, et al. (2006) have proposed an authorization and authentication architecture for e-health services (A3AeHS) system that integrates both role based and attribute based methods into the electronic health system. This model separates patients’ general data from the sensitive record and creates an authorization policy according to the sensitivity of the data. The authorization policy is also based on the role of the entity in the system, e.g. a GP has access to all the records of a patient whereas a social worker will have access to only certain data. This model is similar to the WBAC model (Russello, et al., 2008) discussed previously; however, the attribute based access control and the proposal of a multi-factor authentication system for accessing the data make this model superior to the WBAC model.
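How a role ceiling, a record's sensitivity and user attributes can combine into one decision is sketched below. This is an added example, not the A3AeHS implementation of Han, et al. (2006); the two-level sensitivity scale, the role table, the care-relationship attribute and the rule that sensitive data needs two authentication factors are assumptions chosen to mirror the description above.

```python
from dataclasses import dataclass

# Assumed two-level classification of patient data.
SENSITIVITY = {"general": 0, "sensitive": 1}

# Role based part (assumed values): the most sensitive class a role may read.
ROLE_CEILING = {
    "gp": "sensitive",
    "social_worker": "general",
    "patient": "sensitive",
}


@dataclass(frozen=True)
class Subject:
    user_id: str
    role: str
    patients_in_care: frozenset = frozenset()  # attribute: care relationship
    auth_factors: int = 1                      # attribute: factors presented


@dataclass(frozen=True)
class Record:
    patient_id: str
    sensitivity: str


def decide(subject, record):
    """Return (allowed, reason). Anything not explicitly permitted is denied."""
    ceiling = ROLE_CEILING.get(subject.role)
    if ceiling is None:
        return False, "unknown role"
    if record.sensitivity not in SENSITIVITY:
        return False, "unclassified record"

    # Attribute based part 1: the subject must be linked to this patient.
    if subject.role == "patient":
        related = subject.user_id == record.patient_id
    else:
        related = record.patient_id in subject.patients_in_care
    if not related:
        return False, "no care relationship"

    # Role based part: the role caps the sensitivity that can be reached.
    if SENSITIVITY[record.sensitivity] > SENSITIVITY[ceiling]:
        return False, "role ceiling exceeded"

    # Attribute based part 2: sensitive data requires a second factor.
    if record.sensitivity == "sensitive" and subject.auth_factors < 2:
        return False, "second factor required"
    return True, "permit"


def evaluate_constructed_requests():
    """Run the policy over constructed subjects and records."""
    general = Record("patient_17", "general")
    sensitive = Record("patient_17", "sensitive")
    gp_mfa = Subject("dr_b", "gp", frozenset({"patient_17"}), auth_factors=2)
    gp_pw = Subject("dr_b", "gp", frozenset({"patient_17"}), auth_factors=1)
    other_gp = Subject("dr_c", "gp", frozenset({"patient_40"}), auth_factors=2)
    social = Subject("sw_d", "social_worker", frozenset({"patient_17"}), 2)
    owner = Subject("patient_17", "patient", auth_factors=2)
    cases = [
        ("gp_mfa/sensitive", gp_mfa, sensitive),
        ("gp_password/sensitive", gp_pw, sensitive),
        ("gp_password/general", gp_pw, general),
        ("other_gp/general", other_gp, general),
        ("social_worker/general", social, general),
        ("social_worker/sensitive", social, sensitive),
        ("patient/own_sensitive", owner, sensitive),
    ]
    return {name: decide(subject, record) for name, subject, record in cases}


if __name__ == "__main__":
    for name, outcome in evaluate_constructed_requests().items():
        print(name, outcome)
```

The order of the checks determines the reason reported to the audit log, not the outcome: every check must pass before access is granted.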

Similarly, Fan, et al. (2011) have proposed the Data Capture and Auto Identification Reference (DACAR) platform for e-health in cloud computing in order to overcome the concerns related to security, large scale deployment, service integration, and integration and confidentiality of the medical data. The DACAR platform includes a Single Point of Contact (SPoC) to provide authentication and authorisation functionalities, a rule-based information sharing policy, and a data buckets service to support create, read, update and delete (CRUD) operations, all of which are hosted by cloud infrastructures. Some of the major issues addressed by DACAR are authentication, authorisation, data persistence, data integrity, data confidentiality and audit trail. Apart from these, DACAR also includes functionalities for patient-centric e-health applications, e.g. an Early Warning Score (EWS) in order to react to any unusual data pattern (Fan, et al., 2011). The DACAR platform also practises database-level encryption, using cryptographic signatures and Kerberos authentication, which ensures strong data security (Fan, et al., 2011).

Using the DACAR platform, Ekonomou, et al. (2011) have proposed a cloud-based healthcare system which would integrate a formal health care system (DACAR) with an informal health care system (Microsoft HealthVault). This would enable patients to share their health data across different health domains with their doctors, or with anyone else they prefer. They also claim that this practice gives strong security and privacy for the medical data, as data security and privacy are ensured by both Microsoft HealthVault and DACAR (Ekonomou, et al., 2011).

Similarly, Fengou, et al. (2013) have proposed a framework that extends the European Telecommunications Standards Institute (ETSI) architecture to deploy the standard services over next generation IP networks (Fengou, et al., 2013). The collaboration of ETSI, the 3rd Generation Partnership Project and the Parlay Group has defined a joint working group in the context of open service access, which is responsible for developing and maintaining the open service access specifications. These specifications define how network functionalities are accessed through an application programming interface (API). Fengou, et al. (2013) propose the use of the ETSI/Parlay specifications in their e-health domain. In their framework, they have defined profile classes to categorise the users:

• Patient's profile
• Healthcare professional profile
• Aid person's profile
• Operational domain's profile
• Group profile

In terms of security in the framework, low-weight hash functions are combined with a key in order to generate message authentication codes (MACs), which are used to authenticate the users and prevent unauthorized data disclosure in order to maintain data integrity (Fengou, et al., 2013). Similarly, this model also uses the "data integrity mechanism" proposed by Mantas, et al. (2009). In this method, data integrity is maintained by making use of cryptographic smartcards that contain secret keys, together with MACs (Mantas, et al., 2009).

Lounis, et al. (2012) propose a secure and scalable cloud-based architecture in order to deal with the challenges, such as security and availability, created by the collection of health data by means of medical sensor networks (Lounis, et al., 2012). They claim that the proposed mechanism for data security is effective and flexible, and that it guarantees the confidentiality, integrity and access control of the medical data by combining several cryptographic schemes. Their proposed framework considers two categories of users, i.e. patients and health professionals, rather than the 5 proposed by Fengou, et al. (2013). Access control is achieved by making use of attribute based encryption (ABE) in order to encrypt the data before storing it in the database. Unauthorized access is restricted by using a randomly generated symmetric key and a security access policy which combines logical expressions through OR, AND or other operators (Lounis, et al., 2012).

de Melo Silva, et al. (2014) have proposed the use of federated identity attributes for the secure storage and sharing of medical data in the cloud. They propose the use of SAML for the deployment of federated identity management. The collaborative networks between the institutions would enable the sharing of services between the users, and would also enable attribute management and facilitate single sign-on. Like Lounis, et al. (2012), they too have proposed the use of attribute based encryption, providing users with cryptographic keys that represent the users' true characteristics. They too propose the use of AND or OR operators and attributes to build a logical equation for security policies (de Melo Silva, et al., 2014).
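The AND/OR attribute policies described by Lounis, et al. (2012) and de Melo Silva, et al. (2014) are illustrated below with a policy parser and evaluator. This is an added example, not code from either paper or from this dissertation: the policy syntax, attribute names and record layout are assumptions, and it models only the access decision, whereas real attribute based encryption enforces the policy cryptographically inside the ciphertext.

```python
import re

# One token: parenthesis, AND, OR, or an attribute written as name:value.
TOKEN = re.compile(r"\s*(\(|\)|AND\b|OR\b|[A-Za-z_][\w.-]*:[\w.-]+)")


class PolicyError(ValueError):
    """The policy text is not a well-formed AND/OR expression."""


def tokenize(policy):
    policy, pos, tokens = policy.rstrip(), 0, []
    while pos < len(policy):
        match = TOKEN.match(policy, pos)
        if match is None:
            raise PolicyError(f"unexpected text at offset {pos}")
        tokens.append(match.group(1))
        pos = match.end()
    return tokens


def parse(tokens):
    """Build a tree of ("AND"|"OR", left, right) and ("ATTR", name) nodes."""
    pos = 0

    def peek():
        return tokens[pos] if pos < len(tokens) else None

    def take():
        nonlocal pos
        tok = peek()
        pos += 1
        return tok

    def expr():  # expr := term (OR term)*
        node = term()
        while peek() == "OR":
            take()
            node = ("OR", node, term())
        return node

    def term():  # term := factor (AND factor)*, so AND binds tighter than OR
        node = factor()
        while peek() == "AND":
            take()
            node = ("AND", node, factor())
        return node

    def factor():  # factor := attribute | "(" expr ")"
        tok = take()
        if tok == "(":
            node = expr()
            if take() != ")":
                raise PolicyError("missing ')'")
            return node
        if tok is None or tok in (")", "AND", "OR"):
            raise PolicyError(f"expected attribute, got {tok!r}")
        return ("ATTR", tok)

    tree = expr()
    if peek() is not None:
        raise PolicyError("trailing tokens after policy")
    return tree


def satisfies(tree, attrs):
    """True when the set of user attributes satisfies the policy tree."""
    if tree[0] == "ATTR":
        return tree[1] in attrs
    left, right = satisfies(tree[1], attrs), satisfies(tree[2], attrs)
    return (left and right) if tree[0] == "AND" else (left or right)


def release_key(record, attrs):
    """Return the record's symmetric data key only if the policy is met.

    Fails closed: a policy that cannot be parsed releases nothing.
    """
    try:
        tree = parse(tokenize(record["policy"]))
    except PolicyError:
        return None
    return record["data_key"] if satisfies(tree, frozenset(attrs)) else None


if __name__ == "__main__":
    # Constructed sample record; the key bytes are a placeholder.
    record = {
        "policy": "(role:doctor AND dept:cardiology) OR owner:patient-1042",
        "data_key": b"\x00" * 32,
    }
    print(release_key(record, ["role:doctor", "dept:cardiology"]) is not None)
    print(release_key(record, ["role:doctor", "dept:oncology"]) is not None)
```

In a federated deployment the attribute set passed to `release_key` would come from the identity provider's verified attributes, never from values the user asserts about themselves.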

The use of attribute based encryption is also supported by Li, et al. (2013), who propose the use of an individual secret key for every data owner (e.g. patient). They also support encrypting the health record and implementing a role-based access policy for users to access the data. They also claim that the security and access policy should be updated regularly, and that there needs to be provision for an audit trail to measure the effectiveness and security of the data (Li, et al., 2013).

2.3.5 Diabetes management system

Diagnosing a disease as early as possible helps in reducing the risk posed by the disease. Similarly, if diabetes, especially type 2, can be diagnosed early, there is a better chance of taking special care towards its management. The use of electronic health records can help with the diagnosis of the disease as well as with its management in real time.

According to Benhamou (2011), electronic medical records are thought to be very useful for improving diabetes care. Integrating the patient's records with decision support systems makes it possible to make decisions and recommend a care method in order to tailor the risk level. His paper also mentions that a web-based shared system for self-managing diabetes can improve diabetes care (Benhamou, 2011).

Heck, et al. (2013) propose an e-health care system with integrated autonomic neuropathy detection for individuals with diabetes. The proposed system stores data and results on a specified data server, analysing and classifying the data accordingly. It has its own analysis tool that can detect unusual or abnormal behaviour in the data pattern, which would help users to manage the disease efficiently and effectively (Heck, et al., 2013).

Similarly, Al-Taee, et al. (2013) propose an e-health platform for supporting self-management of diabetes, especially Type 1, which is mainly diagnosed in children and adolescents. The applications were designed using the Model-View-Controller pattern, which is an ideal way to separate the user interface (view) from the data (model). In this platform the view and the model interact through the controller, which takes the inputs and converts them into the appropriate commands for the view or the model (Al-Taee, et al., 2013).

From the DACAR platform, the concept of early warning score (EWS) can also be used in the detection of any abnormal pattern of data in the health record and alert the user about that data (Fan, et al., 2011).

Likewise, Inzucchi, et al. (2012) have discussed the patient-centered approach to managing hyperglycaemia in type 2 diabetes. In their paper, they propose the involvement of both clinician and patient in decision making by taking a shared decision-making approach. They also cite the importance of the patient-centric approach, stating that the engagement of the patient in healthcare decisions may result in enhanced adherence to the therapy (Inzucchi, et al., 2012).

2.4 Identity management

According to Leandro, et al. (2012), identity management is a set of capabilities such as policy enforcement, user discovery, identity maintenance and authentication, which are used to ensure the user identity information, therefore assuring the security of a system (Leandro, et al., 2012). An identity can be defined as “Representation of an entity (or group of entities) in the form of one or more information elements which allow the entity(s) to be uniquely recognised within a context to the extent that is necessary (for the relevant applications)” (Chadwick, 2009, pp. 96-120). In other words, identity is a means for any person or object to be known amongst a group of individuals. A passport, driving license, student ID etc. all act as forms of identification that an individual can use to identify themselves in the real world. Similarly, an identity management system provides the tools which can be used to identify a user and manage their identity in the digital world.

In order to provide a secure user experience in a cloud-based system, identity management plays a vital role. In fact, when it comes to a health care system, an identity management system is a major prerequisite. A secure health care system should make sure that the data stored in the cloud can only be accessed by the authorized set of users, so it is necessary that identity management is given the greatest priority (Lonea, et al., 2013).

An Id management system is mainly comprised of different protocols and software components, which are used to address user identity, verify a user and authorize them to access the data. Usually, an Id management system involves three different entities that actively take part in the life cycle of the system (Leandro, et al., 2012). They are:

User: The individuals who have a digital identity and use services from a specific website.

Identity Provider: The websites or databases which contain the attributes of the users. They hold the users' identities and their role is to authenticate the user. Some of the most common Identity Providers currently are Facebook, Google, Twitter, Microsoft, Post Office etc. Every Identity Provider has its own set of advantages and also some drawbacks. The user attributes retrieved through each Identity Provider differ as well.

Service Provider (Relying Party): The applications or websites that provide services to the user. They rely on Identity Providers to authenticate users.

These three entities are inter-connected by a set of rules which is also known as identity management platform. It defines how the information is transferred between the different entities of the system, and also defines the boundary of the data sets that are being transferred.

An Identity management system needs to consider the following components in order to build a secure and user centric system:

• Identity Provisioning and de-provisioning
• Authentication
• Identity Federation
• Access Control

2.4.1 Identity Provisioning and de-provisioning

According to Lonea, et al. (2013), identity provisioning is the process of registering users to the system in a secure manner, so that they get access to a specific set of data and resources. Identity provisioning can also be defined as the practice of providing users in an organization with different sets of roles. User provisioning is always a major challenge in an identity management system, as it is important to understand the role of an individual in the organization. It is always necessary to make sure that the privilege given to an individual in an organization is just enough to do their role. It is also vital that the role of each individual in the organization is audited frequently, and that all of an individual's access is revoked as soon as they depart from the organization (Lonea, et al., 2013).

2.4.2 Authentication

Authentication, without any doubt, is the most important factor that needs to be considered while developing an e-health structure. It is a known fact that medical data are sensitive, and no one would want their data to fall into the wrong hands. Although there is a lot of talk around patient-centred e-health systems, it is equally important that patients understand the consequences of the misplacement of their data. It is also necessary that they are provided with a safe platform where they can authenticate themselves securely to the system, and then authorize access to share their data with selected people of their choice.

According to Wang, et al. (2009), authentication acts as the first line of defence in any network application or cloud-based system. A good web system must have an authentication structure that can be used to verify the legitimacy of a user's log in request (Wang, et al., 2009). In other words, a user or a visitor must be able to prove their identity to the system in order to gain access to any of the services provided by the web system. To date, the text-based password has been the form of identification used to authenticate a user.

Passwords are still the most common form of digital identification; however, there are countless occasions where a user's password has been compromised using brute force. A password-based authentication structure works by comparing the password entered by the user with stored secrets (Gao, et al., 2008).

Although passwords are stored in a hashed form in the database, the increasing power of computer systems has given malicious users a great platform to crack any password in a given time. In fact, a recent study shows that a computer with 25 GPUs can crack every standard Windows password in less than 6 hours (Goodin, 2012). The most common threat model is the theft of the hashed passwords stored in the database, after which an attacker can attempt to crack those hashed passwords offline. This method has seen a massive growth in recent years. In order to mitigate the threat of this attack, system administrators have started to specify password policies, which force users to create passwords that adhere to requirements designed to make guessing harder (Kelley, et al., 2012). Although research (Kelley, et al., 2012) shows that a typical password requirement is the inclusion of numbers and symbols, different systems might have different password policies with different complications and algorithms. As a result, users are forced to create multiple complicated passwords, one for every system that they visit.

A study shows that a user has on average up to seven active passwords, and it also claims that an active user who has accounts with multiple sites types their password an average of 8 times a day. The same study also disclosed that an active user has an account with 25 different sites (Florencio & Herley, 2007), which further increases the possibility of the user forgetting the password for a particular site. Users therefore tend to make a note of their passwords, either in written form or by storing them somewhere, which is a really perilous practice. In order to relieve users of such complications and restore the sense of security in the authentication process, there has been a revolution in the online world in the form of the federated identity management system (Alliance, 2002). The federated Id management system is discussed further in section 2.5.

Authentication has great importance in a health care system. Patients should be able to authenticate themselves to a secure system in order to obtain access to the secure materials. Gomes, et al. (2007) have proposed a public key infrastructure (PKI) based authentication architecture in order to authenticate users to an e-health system. PKI is the general technology for implementing e-Health security services; however, their paper proposes the use of unpublished, short-lived certificates and a non-revocation mechanism for authentication when accessing a health care system (Gomes, et al., 2007). Similarly, from section 2.3, it was concluded that multi-factor authentication is one of the major requirements in an e-health system.

2.4.2.1 Multi-Factor Authentication

Due to all the vulnerabilities involved in the use of passwords, there has been an increasing demand for different authentication measures. Li & Hwang (2010) have suggested a biometrics-based remote user authentication system that makes use of smart cards, where the cost is relatively low in comparison to other schemes. They also made a similar case about passwords, citing that passwords are vulnerable and easy to attack using simple dictionary attacks. The use of cryptographic secret keys is also suggested in their paper; however, it is argued that the randomness and length of those secret keys make them extremely difficult for users to remember (Li & Hwang, 2010). Further cryptographic ways of storing data and information are discussed in section 2.7.

The use of smart cards for authentication has also been supported by Yang, et al. (2008), who suggest that it provides two-factor authentication. They have suggested a scheme where a smart card is used alongside the password in order to provide mutual authentication to the server resources. They have also claimed that the suggested scheme could eliminate all the redundancies and ambiguities that existed in the older methods, and that it also supports cryptanalysis because of its simplification (Yang, et al., 2008).

Usually, the authentication measures are based on the following questions:

• Who you are?
• What you have?
• What you know?

Traditional passwords and memorable questions act as “something you know”, smart cards can act as “something you have”, whereas biometrics act as “something you are”. The use of biometrics and a smart card alongside the traditional method of passwords creates a three-factor authentication, which is considered to be a secure authentication method; however, Brainard, et al. (2006) suggest a fourth authentication factor, which is based on the question “somebody you know?”. It is argued in their paper that passwords are easily retrievable, physical smart cards could be stolen or duplicated, and biometrics are often not secret, as people publicly expose their voices and fingers in many ways on
a regular basis, which creates a possibility for the spoofing of biometrics. Therefore, it is better to use a fourth factor of authentication (Brainard, et al., 2006). This fourth factor is completely based on the “web of trust”, and although it too is not completely secure, it provides an added layer of authentication, so that an intruder faces more complication in order to authenticate themselves to the system (Brainard, et al., 2006).

2.5 Federated Identity Management

It is explained that:

“Federated identity refers to a model of distributed identity management in which one web site, in the interest of usability for users and efficiencies and economies for itself, decides to accept identity information and authentication operations maintained at another site” (Madsen, et al., 2005, November, pp. 77-83).

This means that any user who has an identity with a website which acts as an identity provider does not have to authenticate again to visit or consume the services of other websites. For example, a user can log on to the company's intranet and visit multiple sites to access services, such as health care services, banking services etc., without having to re-authenticate in these systems (Shim, et al., 2005). A federated identity management system thus reduces the cost and effort involved in the profile management process for service providers and users. It allows users to link and control their identity profiles from multiple accounts, and to have full control over sharing their identity attributes between many service providers (Alsaleh & Adams, 2006).

2.5.1 Benefits and current state

Federated Identity Management (FIM) is currently attracting interest from many areas and interest groups. From government to non-government organizations, FIM technology has become a revolution in the technology world in the past decade. The industry first began to develop federated identity systems for “single sign-on” online identity management around 2001. At that time, Microsoft was developing the Passport system whereas Liberty Alliance was developing a set of open specifications for online single sign-on and identity federation (Landau & Moore, 2012). Microsoft's Passport system deployed a centralized framework with Microsoft as the only identity provider, which was one of the reasons behind its limited use, as there were more user privacy concerns and only one trusted third party (Alsaleh & Adams, 2006).

After years of experimentation and discussion about federated identity, the federated identity management system is now taking a huge stride towards becoming the authentication procedure in cloud computing. With the increase in heterogeneous web applications, there is a huge demand for the transformation of the typical authentication measures and the introduction of new authentication and authorization measures. Modern web architectures have to focus on providing access control to a large number of applications and services, while keeping their focus on basic requirements such as privacy and distribution. Gaedke, et al. (2005) have suggested using building blocks for Identity and Access Management (IAM) as a solution to identity management in modern web applications. The Federated Identity Model has been suggested as one of those building blocks in their paper. In their model, protected resources and the security token services have been separated in order to make use of the federated identity model (Gaedke, et al., 2005).

Phishing and pharming are two of the most common attacks used for ID theft. Madsen, et al. (2005, November) suggest that federated identity, in combination with other strong authentication measures, can be used to prevent such theft. A phishing attack normally involves convincing users to enter their username and password by directing them to a rogue site which resembles the original site. The use of federated identity can reduce this possibility of phishing: on a valid site, if users choose to authenticate themselves, they are redirected to the external trusted provider, which then takes responsibility for authenticating the user to consume the services (Madsen, et al., 2005, November). Similarly, the use of federated identity would encourage users to use a stronger password, as they would not be required to remember many strong passwords.

Most countries around the world are looking at ways to bring ICT into their government services in order to improve their citizens' experience of consuming those services. The federated identity management system is the backbone of the e-government that countries around the world have adopted or are trying to adopt. Basically, people will use the online credentials they hold with certified third-party identity providers to access online services offered by relying parties, both government and commercial (Brostoff, et al., 2013, November). The US government, especially, had started taking fed ID as one of the crucial parts of e-government; hence, in 2002, it developed PKI for cross-department authentication (Landau & Moore, 2012).

Similarly, in April 2011, the National Strategy for Trusted Identities in Cyberspace (NSTIC) published a paper on the strategies that it was going to adopt in order to implement a trusted identity management system which would encourage users to use a fed ID management system while performing online business transactions (Anon., 2011). The same paper also states the vision of the strategy as “Individuals and organizations utilize secure, efficient, easy-to-use, and interoperable identity solutions to access online services in a manner that promotes confidence, privacy, choice, and innovation” (Anon., 2011).

There are many advantages to implementing a federated ID management system, one of the major ones being the simplification of administration. Jensen (2011) has discussed some of the benefits of using federated ID management. The benefits were categorized from the users' and the business perspective (Jensen, 2011).

User Perspective             | Business Perspective
-----------------------------|------------------------------------------
Increased privacy protection | Reduced cost
Better Security              | Improved data quality
Improved usability           | Increased Security
                             | Simplified/Improved user management
                             | Reduced complexity for service providers
                             | Facilitate cooperation

Table 2 : Benefit categories from a user and business perspective (Jensen, 2011).

In his paper, Jensen made a few arguments in support of the use of a federated ID management system. Some of the major issues are discussed below.

Jensen has brought forward the benefit of data privacy for users, as the users can control their personal data themselves and control the entities that can access their data. He has also supported the claims made by Madsen et al. that the reduction in the number of authentication operations would enable users to choose stronger passwords at their Identity Providers, resulting in the better security. He has also argued that fewer and stronger authentication events will help to minimize the risk of ID theft (Jensen, 2011).

2.5.2 Existing Federations

There are many federations that currently exist for different purposes. Most of the existing federations are network-based federations. Liberty Alliance, WS-Federation, Open Athens and Shibboleth are some of the major identity federation architectures that currently exist, and they use different sets of protocols in order to provide federated identity management services to their users.

2.5.2.1 Liberty Alliance Federation

The Liberty Alliance is a global consortium of more than 150 companies and non-profit organizations that has been developing the standards for federated identity. The major aim of this consortium was to create a unique infrastructure that supports all the existing and emerging network access devices, and it has defined the interoperability policies for those products (Shim, et al., 2005). In their paper, Shim, et al. (2005) have discussed the architecture and the components of the Liberty Alliance framework. It is also claimed that the Liberty Alliance project has collaborated with other federated identity standards, for example WS-Federation, in order to analyse and assess the potential for converging overlapping functions (Shim, et al., 2005).

Figure 4 gives the brief overview of the liberty alliance architecture. It is comprised of 3 major sections, i.e. Federation Framework, Service Interface Specification and Web Services Framework.

Figure 4: Overview of Liberty Alliance Architecture (Madsen, et al., 2005, November)

Liberty ID Federation Framework:

The ID Federation Framework provides the definition for the single sign-on system, linking user accounts and session management. This framework is mainly based on existing XML-based standards, and it enables multiple web-based service providers to combine to form a federated network with an identity provider, which then allows users to move between the network members in a secure environment. Users are only required to sign in once in order to access the websites that are in the circle of trust (Shim, et al., 2005).

Figure 5 gives an overview of the processes involved in the single sign-on system (Madsen, et al., 2005, November).

Figure 5: Sequence flow in single sign-on processes (Madsen, et al., 2005, November)

When a request is made by a service provider to authenticate a user to consume their services, an identity provider authenticates the user accordingly and issues a confirmation in the form of an authentication assertion (Madsen, et al., 2005, November). The processes involved while authenticating a user are as follows:

• First, the user enters the service provider's website.
• The user then selects, from a list of trusted identity providers, the one that is to become their identity provider.
• Then the user is redirected to the authentication page of the identity provider, where they provide their credentials to verify themselves.
• Then the identity provider verifies the user with the credentials that the user has entered.
• Upon verification, the IdP sends the service provider a unique authentication assertion, which acts as a key for the user to access the services of the service provider.

Liberty ID Web Services Framework

Liberty Alliance also defines ID-WSF, by which user information can be shared and maintained at the service providers with the user's permission. This framework enables service providers and ID providers to share the user's information between themselves with the user's consent (Madsen, et al., 2005, November). According to Shim, et al. (2005), ID-WSF leverages the services in ID-FF to create a framework that builds interoperable ID services, enables attribute sharing based on user permission and associates security profiles. ID services are deployed using a SOAP-based framework with a layered architecture. Some of the key features of this framework include permission-based attribute sharing, a discovery service, an interaction service, SOAP binding and security profiles (Shim, et al., 2005).

ID Services Interface Specifications

ID-SIS is an extension of ID-FF and ID-WSF that supports a wide range of identity-based application services such as profile services, calendar services, location-specific services etc. Shim, et al. (2005) claim that this framework can address the requirements of the emerging industry related to identity federation by using mobile technology.

Most of the current federated identity technologies and services are based on the frameworks suggested by Liberty Alliance. Many other architectures are based on the concept of the framework proposed by the Liberty Alliance (Madsen, et al., 2005, November). However, from the user's perspective, Liberty Alliance's model of federated identity contains a major drawback. The model restricts the user's single sign-on ability to just one federation, so users are not able to use their credentials in other federations.

2.5.2.2 WS-Federation

WS-Federation provides the basic model for federated identity in relation to identity providers and relying parties. It mainly comprises WS-Security, WS-Trust and WS-SecurityPolicy, which combine to define a mechanism for codifying the claims related to a request in the form of security tokens, which are then used to authorize any web service request in accordance with the defined policy (Goodner, et al., 2007). In their paper, Goodner, et al. (2007) also state that WS-Federation describes the claim transformation model that characterizes the security token exchanges, thus enabling the relationships between the services in the federation on the basis of trust. In addition to asserting claims using security tokens, WS-Federation can also be leveraged within web browser environments, as it defines a mapping of the security token onto HTTP, which, as a result, enables any infrastructure to perform federated identity operations with any web application (Goodner, et al., 2007). Madsen, et al. (2005, November) state that WS-Federation describes the management of trust relationships in a federated environment, which includes the sharing of attributes and identities and the management of all the pseudonyms (Madsen, et al., 2005, November). WS-Federation is also focused on security in cloud computing. WS-Security uses XML encryption and signature in order to provide data confidentiality and integrity in a cloud-based system (Yan, et al., 2009). WS-Federation is mainly focused on the framework that is based on web services provided by Microsoft and IBM.

2.5.2.3 Shibboleth

Shibboleth is an authentication and authorisation infrastructure based on SAML that uses the concept of Federated Identity (Leandro, et al., 2012). Shibboleth is a federation between universities that enables them to share their web resources, subject to access control (El Maliki & Seigneur, 2007). The Shibboleth system mainly comprises two components, i.e. the Shibboleth identity provider, which acts as an identity provider for the user, and the Shibboleth service provider. The steps that are followed in order to authenticate users to the web resources are as follows:

The user makes an attempt to access the protected web resources.

The Shibboleth software redirects the user to a navigation page in order to identify where the user is from. The navigation page contains the list of all the organizations in the Shibboleth federation.

Once the user selects his organization, he is then redirected to his organization’s log in site through the Shibboleth software, where he authenticates himself by entering the credentials of his organisation.

Finally, the Shibboleth software redirects the user to the website with protected resources, which is now accessible to the user. During the final redirection process, the user’s security information is also transferred through the browser in the form of an assertion which verifies that the user has been authenticated, and thus the website can retrieve information about the user by making a request to the Shibboleth identity provider service of the user’s organisation (Morgan, et al., 2004).

2.5.3 Federated Identity Authentication Protocols

2.5.3.1 SAML

SAML is an OASIS and ITU standard (ITU-T X.1141) that offers an XML-based framework for exchanging security and identity information across domain boundaries (Maler & Reed, 2008). SAML defines an XML-based framework for communicating security and identity information between computing entities (Madsen, et al., 2005, November). Armando, et al. (2008) state that the security of SAML is dependent on several assumptions and security mechanisms. SAML is an emerging standard in the context of SSO and is used as the authentication protocol for many identity federations such as the Liberty Alliance Project and the Shibboleth Project. Moreover, established software corporations tend to base their single sign on implementations on SAML (Armando, et al., 2008). The working structure of SAML has been explained in the previous section with Liberty Alliance.

2.5.3.2 Kerberos

Kerberos is a trusted third party authentication protocol based on symmetric key cryptography, which has been built into a system that provides network-wide security services (Al-Janabi & Rasheed, 2011). Kerberos is a time-tested and extensively used light-weight protocol which is based on inexpensive symmetric key cryptography. Kerberos is a type of network authentication protocol that works on the basis of tickets and mainly consists of an authentication server, a ticket-granting server and a Kerberos authentication database (Kumari & Kushwaha, 2011). According to Kumari & Kushwaha (2011), the working structure of Kerberos is explained below:

A client makes a request for Ticket Granting Ticket (TGT) to Authentication Server (AS) with its ID, ID of TGT and a timestamp.

The client authenticates its identity with the authentication server.

The client receives the encrypted TGT.

Using that TGT, the client makes a request to the Ticket-Granting-Server to get a Service Granting Ticket that it uses in order to access the service (Kumari & Kushwaha, 2011).

The Kerberos protocol establishes a session key which could be used in order to provide confidentiality and integrity for communication between authenticated parties (Adams, 2011). Dua, et al. (2013), in their paper, state that the Kerberos authentication protocol is prone to password and replay attacks. Adams (2011), in his book, has listed some other weaknesses and limitations of Kerberos, which are as follows:

A Kerberos authentication database could result in being a single point of failure.

Kerberos is vulnerable to password attacks.

Secret keys and session keys are temporarily stored on users’ workstations, which may result in a breach of security.

2.5.3.3 OAuth

OAuth is an open and standardized web resource authorization protocol that enables users to grant third-party applications access to their web resources without sharing their login credentials or the full extent of their data (Sun & Beznosov, 2012). Most of the major service providers currently, such as Google, Facebook, Twitter etc., use OAuth in order to facilitate federated identity for their users. Sun & Beznosov (2012) state that there are over one billion OAuth-based user accounts in the world, which are mainly provided by the major service providers such as Google, Microsoft, Facebook and Twitter. This popularity is attracting a huge number of relying parties to adopt OAuth so that they can reach a larger set of users. This popularity may not only attract the relying parties, but also the hackers who are looking to exploit the weaknesses that are present in OAuth (Sun & Beznosov, 2012).

The steps that are followed during the authorization using the OAuth protocol are as follows:

An authorization request is made by the client to the resource owner.

The client receives the credentials that represent the resource owner’s authorization as a token of an authorization grant.

The client uses that authorization grant to request an access token from the authorization server.

The authorization server validates the authorization grant and issues an access token.

The client uses the access token in order to access the protected resource from the resource server.

The resource server validates the access token and grants access to the protected resources (Hardt, 2012).

The steps that occur in the OAuth authentication are shown in figure 6.

Figure 6: OAuth authorization steps extracted from (Hardt, 2012)
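The six steps above can be traced in a small in-memory model. This is an added example, not code from the dissertation or from Hardt (2012): the class and method names, the lifetimes, the single-use grant and the hashed token store are assumptions chosen for illustration, and no HTTP transport is modelled.

```python
import hashlib
import secrets
import time


class OAuthError(Exception):
    """Raised with an OAuth-style error code when a step is refused."""


def _digest(token: str) -> str:
    # Only a hash of each token is kept server-side, so a leaked token
    # store does not hand out usable bearer tokens.
    return hashlib.sha256(token.encode()).hexdigest()


class AuthorizationServer:
    GRANT_TTL = 60      # seconds a grant may wait to be exchanged (assumed)
    TOKEN_TTL = 3600    # seconds an access token stays valid (assumed)

    def __init__(self, clock=time.time):
        self._clock = clock
        self._grants = {}   # grant code -> (client, owner, scope, expiry)
        self._tokens = {}   # sha256(token) -> (owner, scope, expiry)

    def authorize(self, client_id, owner, scope, owner_approves):
        """Steps 1-2: the resource owner approves and a grant is returned."""
        if not owner_approves:
            raise OAuthError("access_denied")
        code = secrets.token_urlsafe(32)
        self._grants[code] = (client_id, owner, frozenset(scope),
                              self._clock() + self.GRANT_TTL)
        return code

    def exchange(self, client_id, code):
        """Steps 3-4: validate the grant and issue an access token."""
        grant = self._grants.pop(code, None)   # pop makes the grant single-use
        if grant is None:
            raise OAuthError("invalid_grant")
        granted_to, owner, scope, expires = grant
        if granted_to != client_id or self._clock() > expires:
            raise OAuthError("invalid_grant")
        token = secrets.token_urlsafe(32)
        self._tokens[_digest(token)] = (owner, scope,
                                        self._clock() + self.TOKEN_TTL)
        return token

    def introspect(self, token):
        """Return (owner, scope) for a live token, otherwise refuse."""
        entry = self._tokens.get(_digest(token))
        if entry is None or self._clock() > entry[2]:
            raise OAuthError("invalid_token")
        return entry[0], entry[1]


class ResourceServer:
    def __init__(self, auth_server, records):
        self._auth = auth_server
        self._records = records

    def read(self, token, owner):
        """Steps 5-6: validate the token, then serve the protected resource."""
        token_owner, scope = self._auth.introspect(token)
        if token_owner != owner or "read" not in scope:
            raise OAuthError("insufficient_scope")
        return self._records[owner]


def run_flow(auth, resources, client_id="glucose-app", owner="alice"):
    """Walk the six steps once; return the record, the grant and the token."""
    code = auth.authorize(client_id, owner, {"read"}, owner_approves=True)
    token = auth.exchange(client_id, code)
    return resources.read(token, owner), code, token


if __name__ == "__main__":
    auth = AuthorizationServer()
    rs = ResourceServer(auth, {"alice": "HbA1c 6.8%"})   # constructed record
    record, code, _ = run_flow(auth, rs)
    print("record:", record)
    try:
        auth.exchange("glucose-app", code)   # presenting the same grant again
    except OAuthError as err:
        print("replayed grant refused:", err)
```

The access token is the only thing the resource server checks, so whoever holds it is treated as authorized until it expires.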

According to Sun & Beznosov (2012), an adversary can exploit the weaknesses and get a hold on to millions of user data for phishing, id theft, email spam and on-line profiling. They also state that OAuth protocol was found to be secure after several approaches were used for analysing OAuth. However, since OAuth-based single sign on systems are mainly built upon existing web infrastructures, the web application vulnerabilities such as cross site scripting, cross site request forgery, etc. can still be exploited (Sun & Beznosov, 2012). Moreover, they found that although the protocol itself is very secure, the security could be compromised and exploited through breaching the temporary secret key or access token to the user’s account.

Access Token

Access tokens are credentials that are used to access the protected resources. An access token is a string that represents an authorization issued to the client by the service providers. Access tokens also act as identifiers that can be used to retrieve the authorization information. Access tokens may have different structures, formats and cryptographic properties depending on the server’s security requirements.

As mentioned previously by Sun & Beznosov (2012), access tokens are the most vulnerable part of the OAuth protocol, as they are mainly stored in HTTP cookies, which leaves them open to a wide range of attacks such as network eavesdropping or cross-site scripting cookie theft. Sun & Beznosov (2012) also suggest in their paper that relying parties should employ SSL in order to protect the single sign on session.

2.5.4 Trust in Identity management system

According to McKnight and Chervany (1996), trust can be defined as: “The extent to which one party is willing to depend on something or somebody in a given situation with a feeling of relative security, even though negative consequences are possible.” (McKnight and Chervany 1996, cited by Josang, et al., 2005). In other words, trust is the process of depending on someone else to get something done, with an assurance that the task will be done without any complications. Although trust cannot be classed as an entity in a federated ID management system, its importance and the role it plays cannot be ignored. Josang, et al. (2005), in their paper, have identified the trust required between the entities involved in a federated ID system, which is as follows:

Client needs to trust in service providers to protect their privacy and to implement the satisfactory level of user registration mechanism and authentication procedures.

Similarly, service providers need to trust the client to handle the authentication credentials that are provided by them with adequate care.

Different service providers should trust each other to provide access to their services by making use of assertions shared between service providers on the user’s behalf only when the request is made legitimately by the client.

Similarly all the federated service providers should trust each other to ensure that the mapping of identities between the service providers is correct (Josang, et al., 2005).

In short, a federated identity model works on a basis of trust. The service provider is providing an access to the user who is not verified in its own internal security; instead it trusts the identity asserted by a third party identity provider, which introduces a risk and uncertainty (Buecker, et al., 2005).

Buchanan, et al. (n.d.), in their paper, have discussed different levels of trust while authenticating users through external sites to access health records. With the rise of many social sites acting as identity providers, the issue of trust in the federated ID system is at its highest point; thus, it is necessary to understand who to trust as the identity provider in the federation. In order to identify the trust levels, Buchanan, et al. have discussed the following levels of assurance (LOA) in their paper:

Level of Assurance 1: All the social accounts and the email providers act as an identity provider in this level. The only attributes supported by this level of assurance are username and password, and from the discussion in section 2.4, it was concluded that the use of only these 2 attributes for authentication is the least secure.

Level of Assurance 2: The organisations that have facilities for knowledge based assessment, data bureau checks and scanning of ID documents act as the identity providers in this level. There is a two factor authentication in this level, as the attributes include username/password and a document check, which maps to who you are.

Level of assurance 3: This has the highest level of trust as the attributes supported are username/password, verification of documents including bank details, geo-location verification, and mobile verifications and so on. Government ID services, e-Passport scheme etc. act as the ID providers in this level of assurance.

In a healthcare system, the identity providers should have a LOA3+ ID proofing service in order to ensure data privacy and security, and to mitigate the risks of ID leakage, which may bear severe consequences (Buchanan, et al., n.d.).

2.6 Access Control

There has to be some kind of restriction on users to prevent access to the unauthorized resources or data of a particular resource owner. Access control management is a solution to prevent unauthorized access from malicious attackers (Sanchez, et al., 2008). There are many access policy languages which could be used to control access to particular resources, such as XACML, PERMIS and EPAL.

2.6.1 PERMIS

PERMIS is a middleware authorization framework, which is mainly focused on the role based access control (RBAC) model. According to Mbanaso, et al. (2006), PERMIS has support for role hierarchy and user friendly policy. Moreover, it also has a graphical user interface policy editing tool and privilege allocation subsystems, mainly to manage roles and permissions. However, Mbanaso, et al. (2006) state that PERMIS has its own limitations in expression and semantics in comparison to XACML. Moreover, it also doesn’t support policy and credentials exchange in order to address the private issues (Mbanaso, et al., 2006).

2.6.2 XACML

XACML (eXtensible Access Control Markup Language) is the standard language developed by OASIS for expressing access control (AC) policies (Mazzoleni, et al., 2008). XACML is an XML-based policy language and includes two specifications, i.e. an access control policy language and a representation format to encode access control requests and responses (Sanchez, et al., 2008). Figure 7 gives the general working flow of XACML and its policy activation.

Figure 7: XACML policy structure (Sanchez, et al., 2008)

Mbanaso, et al. (2006) claim that the XACML language has provision to use several methodologies in order to form a policy set. The policy set and the trust authorization architecture created by making use of XACML are very flexible and have more than one way of making decisions through the utilization of trust access management (Mbanaso, et al., 2006). Figure 8 shows the XACML trust authorization architecture proposed by Mbanaso, et al. (2006).

Figure 8: XACML trust authorization architecture (Mbanaso, et al., 2006)

Ni, et al. (2010), in their paper, state that conflicting policies in XACML are dealt with using a policy combining algorithm, which causes the effects from the other relevant policies to be ignored. For example, if multiple policy sets yield different decisions for a request, XACML will refer to the predefined policy combining algorithm and select a particular policy, on the basis of which the decision is made. Thus, the decision taken by XACML during the policy conflict may not be the best one (Ni, et al., 2010).
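The effect described by Ni, et al. (2010) can be seen by running one conflicting request through three of the standard XACML combining algorithms. This is an added example, not code from the dissertation: the two policies and the request are constructed, policies are modelled as plain functions rather than XACML documents, and the Indeterminate decision is left out to keep the model small.

```python
from typing import Callable, Dict, List, Tuple

PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"
Request = Dict[str, object]
Policy = Callable[[Request], str]


# Two constructed policies for a health-record service (hypothetical names).
def clinicians_may_read(req: Request) -> str:
    if req["role"] == "doctor" and req["action"] == "read":
        return PERMIT
    return NOT_APPLICABLE


def restricted_records_need_treating_team(req: Request) -> str:
    if req["record_restricted"] and not req["in_treating_team"]:
        return DENY
    return NOT_APPLICABLE


def deny_overrides(decisions: List[str]) -> str:
    if DENY in decisions:
        return DENY
    return PERMIT if PERMIT in decisions else NOT_APPLICABLE


def permit_overrides(decisions: List[str]) -> str:
    if PERMIT in decisions:
        return PERMIT
    return DENY if DENY in decisions else NOT_APPLICABLE


def first_applicable(decisions: List[str]) -> str:
    # Policy order decides the outcome here.
    for decision in decisions:
        if decision != NOT_APPLICABLE:
            return decision
    return NOT_APPLICABLE


COMBINERS = {
    "deny-overrides": deny_overrides,
    "permit-overrides": permit_overrides,
    "first-applicable": first_applicable,
}


def evaluate(policies: List[Policy], req: Request,
             algorithm: str) -> Tuple[str, List[str]]:
    """Return the combined decision and the policies whose effect was ignored."""
    results = [(p.__name__, p(req)) for p in policies]
    combined = COMBINERS[algorithm]([d for _, d in results])
    ignored = [name for name, d in results
               if d not in (combined, NOT_APPLICABLE)]
    return combined, ignored


def enforce(decision: str) -> bool:
    """Deny-biased enforcement point: anything other than Permit is refused."""
    return decision == PERMIT


# Constructed request: a doctor outside the treating team reads a restricted record.
CONFLICTING_REQUEST: Request = {
    "role": "doctor", "action": "read",
    "record_restricted": True, "in_treating_team": False,
}

if __name__ == "__main__":
    policies = [clinicians_may_read, restricted_records_need_treating_team]
    for name in COMBINERS:
        decision, ignored = evaluate(policies, CONFLICTING_REQUEST, name)
        print(f"{name:17} -> {decision:6} ignored: {ignored}")
```

Logging the ignored policies alongside each decision gives a reviewer the conflicts that the combining algorithm resolved silently.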

2.6.3 EPAL

Enterprise Privacy Authorization Language (EPAL) is a formal language which is designed to write privacy policies in an enterprise in order to govern any data handling practices as per positive and negative authorization rights (Ashley, et al., 2003). An EPAL policy contains the definition of list of hierarchies of data categories, purposes, and obligations sets of actions, user categories and conditions. All these elements are used to formulate authorization rules which then allow or deny the action on data categories, as per user categories, for a specific purpose under a specific condition while authorizing certain obligations (Ashley, et al., 2003).

Anderson (2005) has given a comparison of EPAL against XACML, and according to her XACML doesn’t support the feature of hierarchical categories and vocabulary while defining the rules and setting the policies, whereas EPAL doesn’t provide support for a huge number of features that are required to form authorization policies, such as hierarchical roles, error handling, nested policies, policy references and multiple responses. Moreover, she has stated that XACML is an OASIS standard whereas EPAL doesn’t have any status as a standard (Anderson, 2005).

2.7 Security and cryptography

With all the flexibility, scalability and ease offered by cloud computing, there are always concerns towards data confidentiality, integrity and security. Since clouds haven’t got any specific boundaries, the data could be located anywhere in one of many data centers across the geographically distributed network, which raises security concerns (Sudha, 2012).

In order to maintain the confidentiality and integrity of the data, encryption is the process that is widely used. Encryption is the process of converting plain text into unreadable cryptic text, in order to secure the data against data thieves (Singh & Maini, 2011). Apart from maintaining confidentiality and integrity of data, Verma, et al. (2011) have listed some other functions of encryption such as:

Confidentiality

Authentication

Integrity

Non Repudiation

Access Control

Availability

There are mainly two methods of encryption of the data i.e. symmetric key and asymmetric key encryption.

2.7.1 Symmetric Key Encryption

Symmetric-key encryption algorithms are the cryptographic algorithms which use the same set of keys in order to encrypt and decrypt the data. Symmetric-key encryption facilitates secrecy during the communication between two parties, even when a third party is intercepting the communication (Delfs & Knebl, 2007). During symmetric key encryption, the encryption and decryption algorithms are publicly known and all the parties use the same key for encryption and decryption. The decryption of the data becomes straightforward if an intruder gets their hands on the key; thus it is necessary that the key is kept secret (Delfs & Knebl, 2007). There are many symmetric key encryption methods, such as AES, DES, Blowfish, Triple DES, Vernam’s one-time pad etc. Here, we discuss AES and DES as encryption methods for symmetric key encryption.

2.7.1.1 Data Encryption Standard (DES)

Data Encryption Standard (DES) was previously the most widely adopted symmetric-key encryption algorithm. Many banks, governments and commercial applications adopted DES as the core for secure and authentic communications (Delfs & Knebl, 2007). DES was also the first encryption standard that was recommended by the National Institute of Standards and Technology (NIST). It is mainly based on the algorithm called Lucifer, which was proposed by IBM (Singh & Maini, 2011). The DES algorithm takes 56-bit keys and 64-bit plaintext as the inputs and gives 54-bit cryptogram as an output.

$$\mathrm{DES}: \{0,1\}^{56} \times \{0,1\}^{64} \rightarrow \{0,1\}^{64}$$

Singh & Maini (2011) state that, since DES became a standard in 1974, there were many attacks which resulted in exploitation of its weaknesses, as a result of which it was considered an insecure block cipher (Singh & Maini, 2011). The short key size of 56 bits adopted by DES led to many criticisms, including one from W. Diffie and M.E. Hellman (Delfs & Knebl, 2007). Thus an enhancement to DES, in the form of Triple DES, was proposed. Triple DES has a similar encryption method to DES, the major difference being that the encryption level is increased 3 times (Singh & Maini, 2011), i.e. the 3DES algorithm uses three 56-bit keys, which makes the effective key length up to 168 bits; however, Triple DES is slower compared to other block cipher methods (Verma, et al., 2011).

Delfs & Knebl (2007), in their paper, claim that although many linear and differential cryptanalysis methods have been introduced in order to break DES, the best attack has been an exhaustive key search. They also claim that a specially designed super computer with the combination of 100000 PCs over the internet was able to retrieve the key after only 22 hrs and 15 mins (Delfs & Knebl, 2007), citing the importance of key management while using DES encryption.

2.7.1.2 Advanced Encryption Standard (AES)

Citing the weaknesses of DES, the Rijndael algorithm was chosen in 1997 as the best encryption standard by NIST, and thus the Rijndael algorithm came to be known as the Advanced Encryption Standard (AES). Similar to DES, AES is also a block cipher; however, the block size used in AES is 128 bits, whereas the key size is also increased to 256 bits (Verma, et al., 2011). Apart from encryption, Rijndael is also suited for some other cryptographic tasks such as the construction of cryptographic hash functions or pseudo random bit generators. Verma, et al. (2011) state that a brute-force attack, where the attacker attempts to test all the possible character combinations to decrypt the encrypted text, is the only effective known attack against the Rijndael algorithm.

Singh & Maini (2011), in their paper, have performed a comparison between AES and DES in terms of performance, and it was found that AES or Rijndael has greater throughput than DES or 3DES. Similarly, it was also found that AES is quicker to decrypt the encrypted text in comparison to DES and Triple DES. Verma, et al. (2011) found similar results as well, citing that AES has better performance in comparison to DES and Triple DES in terms of throughput and latency.

2.7.2 Asymmetric key Encryption

Sharing of the key between two parties is always a major problem while adapting symmetric key encryption, as there is a greater possibility of communication being intercepted and the key being discovered. This issue is solved by the use of asymmetric key encryption. The main feature of asymmetric key encryption is that it uses two keys i.e. a public key and a private key (Thakur & Kumar, 2011).

In this encryption method, the public key is known to the public and is used for encryption, whereas the private key is only known to the user and is used for decryption of the cipher text. The public and private keys are related to each other mathematically, i.e. the data that is encrypted by one public key can only be decrypted by its corresponding private key (Thakur & Kumar, 2011).

Asymmetric key encryption is not suited to encrypting large amounts of data because of its inefficiency; thus it is only used in transferring the key between the parties. In practical crypto systems, symmetric-key encryption is used to encrypt the large amount of data, whereas asymmetric key encryption is used to create a secure communication channel, so that the key can be transferred between multiple users (Delfs & Knebl, 2007). RSA and DSA are examples of asymmetric key encryption methods, which are based on factoring prime numbers.

2.7.3 One Way Hash

Another method of hiding plain-text data from an intruder is to make use of a hash. One of the major advantages of a one way hash is that the hash can’t be decrypted to find the password. However, the hash can be matched against a list of existing hashes of passwords contained in a dictionary or a word list. This is also known as a rainbow table. A rainbow table is a huge list of hash values that is used by hackers in order to retrieve the password by reversing the hashing function (Kumar, et al., 2013).

Another major disadvantage of using one way hash is that the hash value of any particular word is always the same, which makes it vulnerable to any dictionary attack. Thus, it is suggested to use salt while using these hashing algorithms (Buchanan, n.d.). Some of the most common one way hashing algorithms are MD5, SHA1 and NTLM hash.
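The two paragraphs above can be checked directly: identical passwords give identical unsalted hashes that a precomputed list resolves, while a per-user salt removes both properties. This is an added example, not code from the dissertation; the word list and user names are constructed, and the use of PBKDF2-HMAC-SHA256 with the iteration count shown is an assumption that goes beyond the plain salting the text recommends.

```python
import hashlib
import hmac
import os
from typing import Dict, Iterable, Optional, Tuple

PBKDF2_ITERATIONS = 100_000   # assumed work factor, tune to the deployment

# Constructed sample: a tiny word list standing in for a precomputed table.
WORD_LIST = ["password", "letmein", "diabetes2014"]


def unsalted_hash(password: str) -> str:
    """One-way hash with no salt: the same word always gives the same value."""
    return hashlib.sha1(password.encode()).hexdigest()


def precompute_table(words: Iterable[str]) -> Dict[str, str]:
    """Map each hash back to its word, as a dictionary or rainbow table does."""
    return {unsalted_hash(word): word for word in words}


def audit_unsalted(stored: Dict[str, str], table: Dict[str, str]) -> Dict[str, str]:
    """Return the accounts whose stored hash appears in the precomputed table."""
    return {user: table[h] for user, h in stored.items() if h in table}


def salted_hash(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Derive a digest with a random per-user salt; store both values."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                                 PBKDF2_ITERATIONS)
    return salt, digest


def verify(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = salted_hash(password, salt)
    return hmac.compare_digest(digest, expected)


if __name__ == "__main__":
    table = precompute_table(WORD_LIST)
    # Constructed credential store: alice and bob chose the same password.
    stored = {user: unsalted_hash("letmein") for user in ("alice", "bob")}
    print("unsalted, recoverable:", audit_unsalted(stored, table))

    salt_a, hash_a = salted_hash("letmein")
    salt_b, hash_b = salted_hash("letmein")
    print("salted digests equal:", hash_a == hash_b)
    print("salted digest in table:", hash_a.hex() in table)
    print("correct password verifies:", verify("letmein", salt_a, hash_a))
```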

2.8 Ethics and Laws

An e-health system involves sharing of data across different bodies. While implementing the data shares, it is always necessary to remain ethical and abide by the law. Different countries have different laws and acts related to the sharing of data and its privacy. Thus it becomes necessary to make sure that the e-health system is implemented by considering the laws that are related to the target country or countries.

In USA, there is a separate act that ensures the privacy of patients’ health records and patient’s rights towards the health care system. The act is called Health Insurance Portability and Accountability Act (HIPAA) 1996 (HIPAA, 2013). It is very important to understand this act as its violation may result in fine of $250,000 and jail up to 10 years (Mercuri, 2004). Armstrong, et al., (2005), in their paper discuss the survey that was performed to analyse the potential impact of HIPAA privacy rule on the collection of data related to registry of the patients. According to them, the HIPAA privacy rule under “the standards for privacy of individually identifiable health information” affects the registry of the patients, as they concluded that this act drastically decreases the number of patients available for the research and registries (Armstrong, et al., 2005). Similarly, Anderson (2007), in his paper, has spoken about the social, ethical and legal barriers towards the implementation of e-health in USA compared to the Western European countries. Some other legal barriers to the adoption of e-health in US are physician self-referral law and anti-kickback law (Anderson, 2007).

In UK however, there is no separate act for the privacy of health data and medical records. All the privacy of health data and medical records come under Data Protection Act (1998). Some of the key points that are to be noted from the data protection act that might have an impact in the e-health system are (Parliament, 1998) :

Data must be used fairly and lawfully

Data must be used for limited and specifically stated purposes

Data must be used in a way that is adequate and not excessive

Data must be accurate

Data must be kept safe and secure

Data must not be transferred outside UK without acceptable protection (Parliament, 1998)

The UK parliament has also classed health data as one of the most sensitive information which has a stronger legal protection (Parliament, 1998).

Similarly, the European Association of Health Law (EAHL) and the Data Protection Directive (1995) are dedicated to protecting the privacy of patients across Europe. Although there are separate data protection laws for different countries across Europe, it is necessary that the health system abides by the EAHL laws while sharing data across different countries. Likewise, it is also important that the Data Protection Act (1998) and HIPAA are both considered while transferring the patient’s data across countries.

2.9 Conclusions

The main aim of analysing an e-health system, its requirements and its frameworks has been met in this chapter. Many e-health frameworks have been evaluated in section 2.3.4, and it was concluded that user authentication is one of the vital requirements in delivering a successful e-health system.

Similarly, it was also found that authorisation and data security are also major areas of an e-health system that require a special focus (Section 2.4 and Section 2.7). The use of application level encryption is emphasised by Ding & Klein (2010) because of the flexibility it presents in the overall infrastructure. As suggested by Li, et al. (2013), it is also concluded that the use of an individual secret key for every patient is the best route in order to implement the security policy in the infrastructure.

Similarly, the use of a Federated ID management system has also been analysed, and it was found that its emergence and popularity have made it a focal point in cloud computing and that it would be used more often in the future. The use of a federated ID management system was also suggested by de Melo Silva, et al. (2014).

The ethics and laws related to the sharing of health data have also been discussed in Section 2.8. These should be considered while sharing medical data with different entities in different countries or organizations.

Thus, with the help of this chapter, the key focus points in order to create an authentication infrastructure for an e-health system have been identified, which are as follows:

Making use of external ID providers to implement the concept of a federated ID management system.

Encrypt the data in the database using a symmetric key encryption method.

Encrypt the database that contains the passwords of all the users as a part of key management.

Use a separate key for each individual user in order to encrypt the database in symmetric key encryption.

Based on the above conclusions from the literature, an e-health infrastructure should meet all the above requirements in order to provide a cloud based electronic health care infrastructure. In the next chapter, the design for the e-health system would be presented, utilizing the discussions from the literature review chapter.

3 Design

3.1 Introduction

In this chapter, the overall design of the system would be proposed along with any alternatives for the failover. The major basis of the design of the system would be the user’s data security and privacy.

From section 2, it was concluded that, in order to implement an e-health system, there are many areas that have to be evaluated. The major points from the literature review that would be considered in the design of building an e-health are as follows:

Use of external ID providers to implement the concept of federated ID management system.

Create an authentication system.

Encrypt the data in the database using a symmetric key encryption method.

Encrypt the database that contains the passwords of all the users.

3.2 Initial Setup

As suggested by Rozenblum, et al. (2011), a bottom-up approach would be taken in designing and implementing this health system. The following diagram (figure 9) shows the initial design of the overall structure that would be used in order to set up the web based diabetes management system.

Figure 9: Initial e-health design

The users would be able to authenticate themselves to the system via a web interface. The web interface would be connected to the database which is located in the cloud. The database would contain every user’s personal record as well as medical record. The design of the database is further discussed in section 3.6.

3.3 Tools and Language

Visual Studio 2013 would be used as a framework to carry out this project. One of the main reasons behind this choice is the simplicity of creating a web application with it. Visual Studio supports many high level languages and provides the platform to create different web applications or console applications. Moreover, it is also simple to deploy the created project over the cloud.

There are many languages that could be used to create the interface and functionalities in this project, however, C# would be used in order to create the e-health system because of the wide variety of libraries and namespaces that it supports. It also has a namespace for security and cryptography, thus it supports application level cryptography and the encryption doesn’t have to be dependent on the database level.

MySQL will be used as the database server in order to provide the data functionalities for this system. MySQL is a multi-threaded and multi-user database management system which is mainly characterised as a fast, free and reliable relational database. Moreover, MySQL has provision to handle large databases.

3.4 Web Interface Design

A web interface would be set up that would enable users to read and write in the database simultaneously. The web interface is designed to be connected to the database which is located in the cloud. The web interface would be designed by using ASP.NET MVC5. As suggested by Al-Taee, et al. (2013), it is a great benefit to separate the user’s view and background database. Thus, MVC was chosen to build the web application.

3.4.1 ASP.NET MVC

ASP.NET MVC is a framework created by Microsoft Corporation that gives an alternative to ASP.NET web forms (Microsoft, 2015). The main benefits of using the MVC framework are:

High-productivity programming model

Clean code architecture

Test-driven development

Powerful extensibility

Moreover, Microsoft has installed many features with ASP.Net MVC such as open web interface for .net (OWIN) and Katana, Security, identity and claims, Entity framework, and Bootstrap, that makes the development and design of a web-application a stress free task (Microsoft, 2015).

Figure 10 shows the work-flow of Model-view-controller (BeanSoftware, 2014).


Figure 10: MVC Working structure (BeanSoftware, 2014)

Controller: The controller could be regarded as the backbone of the whole MVC structure. All the requests that are made by the users are acknowledged by the controller. The controller receives the requests and updates the data and view accordingly (Microsoft, 2015). The controller connects the model and view and is used in order to initiate the communication between the view and the controller (Rouse, 2011).

Model: The model is used to update the connected database. It also provides data to the view for users to view the updated data (Microsoft, 2015). The model is used to represent the logical data structure in a web application and the different high-level classes that are associated with it. Moreover, the model doesn’t have any information that is related to the user interface and only deals with the database and classes in the programme (Rouse, 2011).

View: A view is the interface that is visible to all the users. It is a collection of classes that represents all the elements in the user interface. It takes requests from controllers and gets data from the model in order to respond to the request made by the user (Rouse, 2011).

3.5 External ID Providers

Following the literature review, it was concluded that the use of federated ID is a suggested step towards the development of an e-health system. Following the model proposed by Peyton, et al. (2007), provision for the integration of federated ID management was made in this e-health system. As discussed in section 2.5.1, a federated ID management system would enable the developer to focus more on the security of the application.

Currently, OAuth is one of the most popular authentication protocols used to provide the single sign-on feature to users. The popularity and usage of social accounts in order to verify identity has risen in the last few years because of the ease it provides in terms of authentication. Thus, in our e-health structure, some of the social accounts would be included as ID providers for the users.

Microsoft: Microsoft is one of the very first ID providers in terms of federation of identity. When the Microsoft Passport system was first introduced, it was used in order to verify the user’s identity. Microsoft uses OAuth as an authentication protocol to verify identity.

Facebook: Facebook has become one of the popular social accounts in terms of ID providers. Its popularity in the social field has encouraged people to choose this login provider to verify their identity. This too uses OAuth as an authentication protocol.


Google: Mainly recognized as a pioneer in search engines, Google has also gained huge popularity as a web SSO ID provider. Google used OpenID as an authentication protocol; however, it has now started using the OAuth protocol for authentication.

Twitter: Twitter has established itself as a platform where people can share their views and ideas with others. It has also established itself as a very popular ID provider and makes the use of OAuth for authentication.

Some other social accounts that act as identity providers are LinkedIn, Yahoo and PayPal.

MVC makes use of a web application programming interface (API) in order to extract the user information from the identity providers.

Access Token:

Access tokens that would be received from the external ID providers would be stored in a separate database temporarily, and would be used as refresh tokens if needed. ASP.NET has a provision for this functionality.

3.6 Database Design

From the literature review, it was suggested that separating a patient’s medical record from their private data is always a wise move, as it provides an extra sense of protection. Thus, there would be at least two databases, one containing the patients’ private data and the other containing the medical records.

The columns that would be included in the database containing private data were:

- Name
- Gender
- Age

The parameters that would be taken in the database can also be seen in figure 11.

Figure 11: General Database Parameters

The database that contained patients’ medical data would have a separate table for each individual. The tables would contain the metrics that would be required to create the diabetes management system. The following columns would be included in every table.

- Height(m)
- Weight(Kg)
- BMI
- Body Temperature(c)
- Blood Sugar Level (mg/dL)
- Blood Pressure(Syst)
- Blood Pressure(diast)
- Insulin Dosage(IE)
- A1C Level (%)

All the parameters that have been used in the medical data can be seen in figure 12.


Figure 12: Medical Database Parameters

3.7 Security and Cryptography

All the data in the database would be encrypted using application level encryption. The data would be encrypted before even uploading it to the database. Symmetric key encryption would be used in order to encrypt the data. The key management would be done in such a way that every individual user will have their own separate key, without which the data in the database couldn’t be decrypted. From the literature review, it was shown that this method was the secure way of encrypting the data, instead of using a single key for the whole database, as anyone who gets hold of that key can decrypt the data in the database.

The data would be encrypted using the following encryption methods:

- Advanced Encryption Standard (AES 256 bit)
- Data Encryption Standard (DES 128 bit)

These 2 methods would be evaluated and the best method for encryption would be suggested. Similarly, in terms of key management, the key for decrypting the data would be hashed and stored in the form of a password in the internal database. As with the encryption methods, different hashing algorithms would be used to secure the key and the best hashing algorithm would be proposed.

3.8 Cloud Storage

All the materials would be deployed over the cloud. Microsoft Azure would be used in order to store the data and call the data when required. From section 2.2, it was concluded that Microsoft Azure has many storage and security features that would closely match the requirements of this system. It also supports Microsoft .NET as a programming framework and has the feature of built-in hardware load balancing. Moreover, the usage and the connections could be monitored using the built-in management portal, which would help us to analyse the requirements in the real life system.

3.9 Final design

Figure 13 depicts the final design of the system that would be used in order to evaluate the electronic health care system in the cloud computing.


Figure 13: Overall design of the system

As can be seen from the figure, every user would have their own individual set of keys that would be used in order to access their data in the database that is located in the cloud. The data in the database would be encrypted using symmetric key encryption. The users would have a provision of making use of external providers in order to log in to the cloud based system, or of using the local account to authenticate themselves to the system. The keys of the users would be encrypted by using a one way hashing mechanism, and would be managed locally, which would act as one of the security policies in the infrastructure.

The final design follows different proposals that have been made in the past, which can be found in sections 2.3.4 and 2.3.5. The use of a federated ID management system (de Melo Silva, et al., 2014), application level encryption for the database (Ding & Klein, 2010), and the use of cryptographic signatures (Fan, et al., 2011) are the key focal points in this design of the e-health infrastructure.

3.10 Conclusion

The final design shows the use of databases that have been encrypted using the encryption methodologies, with every user getting an individual key, which would be used in order to give them access to the database.

The aim of this chapter was to consider the findings from the literature review and design an e-health system based on them. While designing the e-health system, the patient’s privacy and data security were put as the top priority. As mentioned in the Data Protection Act (1998) (Parliament, 1998), the data must be kept safe and secure, especially when it is related to sensitive data like health data. Thus, while designing the system, data security was given top priority.

Similarly, the design also integrates the social ID providers, in order to provide identity to the users, and implement the concept of federated identity management as suggested by de Melo Silva, et al. (2014). Similarly, as suggested by Al-Taee, et al. (2013), Model-View-Controller was used in order to design the interface, whereas, the encryption of the data was done following the proposal made by Ding & Klein (2010), who suggests the use of application level encryption.


Similarly, the DACAR model proposed by Fan, et al. (2011) was also followed in order to make use of cryptographic signatures and authentication to ensure data security. A similar proposal was also made by Fengou, et al. (2013) and Mantas, et al. (2009). The use of a separate key for every user, as suggested by Li, et al. (2013), is also considered while designing the infrastructure, as it ensures a top level of data security and authentication, too.


4 Implementation

4.1 Introduction

From the design chapter it was concluded that a bottom-up approach would be used to implement the web interface that provided the authentication and authorization to the patient’s medical and private data. A basic web interface with basic read and write functionalities would be created first, eventually moving on to adding other elements in the web system. The web application was created in Visual Studio with the MVC template, with individual user accounts as the authentication type. This can be seen in figure 14. Once the setup of the project was completed, the port was allocated which would be used in the development process of the project. The full details of the development server can be seen in figure 15.

Figure 14: MVC Project initiation


Figure 15: Settings used in Development server

4.2 Connecting External Providers

In order to use federation of social accounts as ID providers in the system, it was required to register the web application with each ID provider. Every ID provider has a developer site, which was used to register our web application using the HTTP URL from section 4.1.

4.2.1 Facebook

Using the HTTP URL from section 4.1, the project was registered with the Facebook developer site. Once the project was registered successfully, it was made available to the general public and the App ID and App Secret were retrieved, which would later be used in the project in order to connect the application to Facebook. This can be seen in figure 16.

Figure 16: Registering app in Facebook


4.2.2 Google

Similarly, the application was registered with Google and the client ID and client secret were retrieved from Google. This can be seen in figure 17.

Figure 17: Registering app in Google

4.2.3 Twitter

The same steps were followed while registering the application with Twitter. Once the application was registered, the consumer key and the consumer secret were received, which were later used in order to get authentication via Twitter. This can be seen in figure 18.

Figure 18: Registering app in Twitter

4.2.4 Microsoft

Same steps were followed and the application was registered with Microsoft from where client ID and client secret were received which were later used to provide the authentication through Microsoft. This can be seen in figure 19.


Figure 19: Registering app in Microsoft

4.3 Data Simulation

In order to evaluate the performance and the overall structure of the e-health system, it was necessary to create a real life scenario. So, to carry out a broad evaluation of the performance of the e-health system, we considered 1000 users with every user containing 1000 data rows. In order to store the database, a new database server was created in Microsoft Azure.

4.3.1 General Data

Firstly, a database was created in the database server with the settings as shown in the figure. Since this database only contained basic information as explained in section 3.6, the size of the database was kept low and the service tier was chosen to be the basic one, as seen in figure 20.

Figure 20: Settings used for general database

In order to populate the general data table, random names of people were required. To do that, the top 1000 names were downloaded off the internet along with their sex. Then, using the console application, the names and sex were populated in the database. In order to populate the age column, the random number generator namespace was used to allocate the age randomly; however, the common diabetes patients were between the ages of 16-70 (DiabetesUk, 2015). Thus, the random number generator was limited to that age range.

The snippet of the query and parameters used to add the values in the table could be seen above. The full code that was used to fill the general data can be seen in appendix 5. The snippet of the database once it was populated can be seen from figure 21.

Figure 21: Database with general information


4.3.2 Medical Data

The database that was chosen to use for medical data was of much larger size than that of general data, because of the amount of data that was expected to be stored. The settings that were used to create the database server could be seen from figure 22.

Figure 22: Settings used in medical database

Section 3.6 lists the parameters used for the medical data. In order to fill the medical database, a separate table for every patient was created, using the general database that was created previously. Then, using the random number generator (RNG), the data was simulated for every patient. While using the RNG, the number that was generated was limited to a certain range in order to get a realistic figure. For example, a person’s body temperature ranges from 35-40c. Table 3 shows the parameters and their limits.

Parameters                  Limit
Height(m)                   1.49-1.87
Weight(Kg)                  40-95
Body Temperature(c)         35-40
Blood Sugar Level(mg/dL)    85-160
Blood Pressure (Syst)       50-90
Blood Pressure(diast)       80-130
Insulin Dosage(IE)          0.1-0.5
A1C Level (%)               6-8

Table 3: Diabetes Parameters

Similarly, Body Mass Index (BMI) was calculated using the parameters height and weight such as:

BMI = (Weight/Height)/Height


The snippet of the code used to simulate the data in the rest of the tables can be seen below, whereas the full code is available in appendix 5.

Once the database was populated with all the data, it looked like figure 23.

Figure 23: Medical Database

The figure above represents only one table out of 1000 tables in the database, thus the database is populated with more than 1 million data items for the purpose of evaluation. However, the above database is populated as plain text, thus if anyone could get hold of the database, the data is wide open. To mitigate this problem, as suggested in the literature review, data encryption was performed, which is discussed in the following section.

4.4 Database Encryption

From the previous section, it was concluded that the medical database had been populated with plain text, which is very unsafe. Therefore, to hide the data from an intruder, the data was encrypted before it was filled in the database. Two new databases were created in order to hold the encrypted data. The settings that were used to create the databases were the same as the ones used in the previous section.

4.4.1 AES Encryption

In order to encrypt the data in the database using AES encryption, a key was required. In order to allocate a separate key to every individual user, the top 1000 passwords were downloaded from the internet, and every individual user was allocated a password as the key to their data. Then, using the cryptography namespace in C#, the values generated through the random number generator were encrypted and populated in the database.

In order to encrypt the data through AES, an AESencryptor class was created which took a key as a string and the decimal value as the value to be encrypted, and returned the encrypted value in the base64 form. This class was used in order to encrypt the data and load it in the database.

Figure 24 shows that the data in the database which were previously in the plain text have been encrypted using AES 256 bit encryption, and can only be decrypted using the key which was used to encrypt the data.

Figure 24: AES encrypted database
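The per-user encryption described in this section can be sketched as follows. This is an added example, not the dissertation’s AESencryptor class: it assumes the AES-256 key is derived from the user’s password with PBKDF2 and a per-user salt, and it adds a random IV and an HMAC tag to every value; the name UserFieldCipher, the iteration count and the sample passwords are assumptions.

```csharp
using System;
using System.Globalization;
using System.Security.Cryptography;
using System.Text;

// Added example (not the dissertation's AESencryptor class).
// Stored value, Base64: IV (16 bytes) | AES-256-CBC ciphertext | HMAC-SHA256 tag (32 bytes).
public sealed class UserFieldCipher
{
    private const int IvLen = 16, TagLen = 32;
    private const int Iterations = 100000;   // assumed work factor
    private readonly byte[] encKey;          // AES-256 key
    private readonly byte[] macKey;          // HMAC-SHA256 key

    // Derive both keys once per user from the password and a per-user random salt.
    public UserFieldCipher(string password, byte[] userSalt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, userSalt, Iterations, HashAlgorithmName.SHA256))
        {
            encKey = kdf.GetBytes(32);
            macKey = kdf.GetBytes(32);
        }
    }

    public string Encrypt(decimal value)
    {
        byte[] plain = Encoding.UTF8.GetBytes(value.ToString(CultureInfo.InvariantCulture));
        using (var aes = Aes.Create())       // defaults: CBC mode, PKCS7 padding
        {
            aes.Key = encKey;
            aes.GenerateIV();                // fresh random IV for every value
            byte[] ct;
            using (var enc = aes.CreateEncryptor())
                ct = enc.TransformFinalBlock(plain, 0, plain.Length);

            byte[] blob = new byte[IvLen + ct.Length + TagLen];
            Buffer.BlockCopy(aes.IV, 0, blob, 0, IvLen);
            Buffer.BlockCopy(ct, 0, blob, IvLen, ct.Length);
            using (var hmac = new HMACSHA256(macKey))
            {
                // Encrypt-then-MAC: the tag covers the IV and the ciphertext.
                byte[] tag = hmac.ComputeHash(blob, 0, IvLen + ct.Length);
                Buffer.BlockCopy(tag, 0, blob, IvLen + ct.Length, TagLen);
            }
            return Convert.ToBase64String(blob);
        }
    }

    public decimal Decrypt(string base64)
    {
        byte[] blob = Convert.FromBase64String(base64);
        int bodyLen = blob.Length - TagLen;
        if (bodyLen < IvLen + 16)
            throw new CryptographicException("Stored value is too short.");

        // Check the tag before touching the ciphertext, without an early exit.
        int diff = 0;
        using (var hmac = new HMACSHA256(macKey))
        {
            byte[] expected = hmac.ComputeHash(blob, 0, bodyLen);
            for (int i = 0; i < TagLen; i++)
                diff |= expected[i] ^ blob[bodyLen + i];
        }
        if (diff != 0)
            throw new CryptographicException("Wrong key or modified data.");

        using (var aes = Aes.Create())
        {
            aes.Key = encKey;
            byte[] iv = new byte[IvLen];
            Buffer.BlockCopy(blob, 0, iv, 0, IvLen);
            aes.IV = iv;
            using (var dec = aes.CreateDecryptor())
            {
                byte[] plain = dec.TransformFinalBlock(blob, IvLen, bodyLen - IvLen);
                return decimal.Parse(Encoding.UTF8.GetString(plain), CultureInfo.InvariantCulture);
            }
        }
    }
}

public static class Program
{
    public static void Main()
    {
        byte[] salt = new byte[16];          // stored next to the user record
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);

        var owner = new UserFieldCipher("constructed-sample-password", salt);
        string stored = owner.Encrypt(112.5m);   // constructed blood sugar reading
        Console.WriteLine("stored:    " + stored);
        Console.WriteLine("decrypted: " + owner.Decrypt(stored));

        var other = new UserFieldCipher("another-users-password", salt);
        try { other.Decrypt(stored); }
        catch (CryptographicException e) { Console.WriteLine("rejected:  " + e.Message); }
    }
}
```

Because the IV is random, encrypting the same reading twice gives two different stored values, so equal readings cannot be spotted by comparing rows.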


4.4.2 DES Encryption

As in the previous section, a DES encryptor class was created in C#, and the values generated from the random number generator were passed through the encryptor to get encrypted data.

The DES encryptor class takes a string key and a decimal value, encrypts the value using the key size 128, and then returns the encrypted value in base64 format. Figure 25 shows the database that has been encrypted using Triple DES 128 bit encryption. The values can only be decrypted using the key that was used to encrypt the data.

Figure 25: DES encrypted database

4.5 Key Management

It is necessary to prioritize the management of the keys that were used to encrypt the data in the database. From the literature review, it was known that the key holds all the secrets to the data in the database, thus it was extremely necessary to protect the key. In order to protect the key, different hashing algorithms were used.


4.5.1 LM/NTLM

NTLM is the most popular method of hashing passwords and is used to store Windows passwords. An LM/NTLM hashing console was created in order to create the hashes of the keys that were used to encrypt the data. The snippet of the code can be seen below.

4.5.2 MD5

Similarly, a console that converted all the plain text to MD5 hash was created in C# using the code as below.


4.5.3 SHA1

Similarly, a console was created to convert the plain text to SHA1 hash in C# by following the code seen below.

4.5.4 Password Based Cryptography Service (PBCS)

Although NTLM is the most common way of hashing passwords in Windows programmes, the default password hashing method in ASP.NET uses a key derivation function in order to hash the password with the key created by the key derivation function. Using the password based key derivation function (PBKDF), the passwords are stored in the ASP.NET password database. Thus, a console that uses the RFC2898 function of PBKDF was created in order to hash the keys that were used in the encryption. It can be seen in the following snippet of the code.


As it can be seen above, this service uses the salt function on top of the hash for the security purpose.
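A salted PBKDF2 record of the kind this section describes, shown next to an unsalted MD5 digest for contrast. This is an added example, not the console application from the dissertation; the KeyHasher name, the record layout, the iteration count and the sample keys are assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example (not the dissertation's console application).
// Record layout: iterations.Base64(salt).Base64(hash)
public static class KeyHasher
{
    private const int SaltLen = 16, HashLen = 32;
    private const int Iterations = 100000;   // assumed work factor

    private static byte[] Derive(string key, byte[] salt, int iterations)
    {
        using (var kdf = new Rfc2898DeriveBytes(key, salt, iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(HashLen);
    }

    // Hash a user's key with a fresh random salt.
    public static string Hash(string key)
    {
        byte[] salt = new byte[SaltLen];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        byte[] hash = Derive(key, salt, Iterations);
        return Iterations + "." + Convert.ToBase64String(salt) + "." + Convert.ToBase64String(hash);
    }

    // Recompute the hash with the stored salt and iteration count, then compare.
    public static bool Verify(string key, string record)
    {
        string[] parts = (record ?? "").Split('.');
        int iterations;
        if (parts.Length != 3 || !int.TryParse(parts[0], out iterations) || iterations < 1)
            return false;

        byte[] salt, expected;
        try
        {
            salt = Convert.FromBase64String(parts[1]);
            expected = Convert.FromBase64String(parts[2]);
        }
        catch (FormatException) { return false; }
        if (salt.Length < 8 || expected.Length != HashLen)
            return false;

        byte[] actual = Derive(key, salt, iterations);
        int diff = 0;                        // compare without an early exit
        for (int i = 0; i < HashLen; i++)
            diff |= actual[i] ^ expected[i];
        return diff == 0;
    }

    // Unsalted fast hash, included only to show what the salt changes.
    public static string UnsaltedMd5(string key)
    {
        using (var md5 = MD5.Create())
            return BitConverter.ToString(md5.ComputeHash(Encoding.UTF8.GetBytes(key)));
    }
}

public static class Program
{
    public static void Main()
    {
        const string sharedKey = "sunshine";  // constructed sample: two users picked the same key

        Console.WriteLine("MD5 digests identical:   " +
            (KeyHasher.UnsaltedMd5(sharedKey) == KeyHasher.UnsaltedMd5(sharedKey)));

        string recordA = KeyHasher.Hash(sharedKey);
        string recordB = KeyHasher.Hash(sharedKey);
        Console.WriteLine("PBKDF2 records identical: " + (recordA == recordB));
        Console.WriteLine("correct key verifies:     " + KeyHasher.Verify(sharedKey, recordA));
        Console.WriteLine("wrong key verifies:       " + KeyHasher.Verify("moonlight", recordA));
    }
}
```

If the same password is also used to derive the data-encryption key, that derivation needs its own salt, so that the stored record never equals the key.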

4.6 Web Server

Once all the sections were implemented, everything was brought together in ASP.NET. The use of external ID providers and the use of the Entity Framework database first model were carried out on the developer server.

4.6.1 Integrating External ID Providers

Using the ID and secret obtained from different ID provider from section 4.2, the web server was configured as shown below. The code below integrates Microsoft as one of the ID providers in the system.

Similarly, the code below integrates Twitter as one of the ID providers in the system.


Likewise, the code snippet below integrates Facebook as one of the ID providers.

And finally, the code below presents the integration of Google as an ID provider in the web service.

Figure 26 shows the login screen for the users once all the external ID providers have been integrated in the health care infrastructure.


Figure 26: User Login screen

This application would enable the users to login through the local account if they have an account, register for a new account locally or use one of the four external ID providers in the screen. Once the user successfully logs in, he/she will gain access to their data which are not visible at this moment.
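The provider registration described in this section, as an added sketch for an ASP.NET MVC5 project using the Microsoft.Owin.Security provider packages and Microsoft.AspNet.Identity.Owin; it is not the dissertation’s Startup code. The appSetting names, the Setting helper and the ConfigureExternalProviders method name are assumptions, and the credentials obtained in section 4.2 are read from configuration instead of being written into the source.

```csharp
using System.Configuration;
using Microsoft.AspNet.Identity;
using Microsoft.Owin.Security.Google;
using Owin;

// Added sketch; call ConfigureExternalProviders from the template's ConfigureAuth
// after the application cookie has been set up.
public partial class Startup
{
    // Hypothetical helper: read a required appSetting and fail at start-up
    // instead of registering a provider with an empty credential.
    private static string Setting(string name)
    {
        string value = ConfigurationManager.AppSettings[name];
        if (string.IsNullOrWhiteSpace(value))
            throw new ConfigurationErrorsException("Missing appSetting: " + name);
        return value;
    }

    public void ConfigureExternalProviders(IAppBuilder app)
    {
        // Temporary cookie that carries the external identity back to the login callback.
        app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

        app.UseMicrosoftAccountAuthentication(
            clientId: Setting("Auth.Microsoft.ClientId"),
            clientSecret: Setting("Auth.Microsoft.ClientSecret"));

        app.UseTwitterAuthentication(
            consumerKey: Setting("Auth.Twitter.ConsumerKey"),
            consumerSecret: Setting("Auth.Twitter.ConsumerSecret"));

        app.UseFacebookAuthentication(
            appId: Setting("Auth.Facebook.AppId"),
            appSecret: Setting("Auth.Facebook.AppSecret"));

        app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions
        {
            ClientId = Setting("Auth.Google.ClientId"),
            ClientSecret = Setting("Auth.Google.ClientSecret")
        });
    }
}
```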

4.6.2 Database

Once the authentication setup was completed, it was required to connect the database previously created in this application. In order to do so, Entity Framework that was available in MVC was used. It allows us to connect the database to the application to perform various tasks with the data. The entity framework model that was used is database first approach, where database was created first and then the coding for connection was done later.

Figure 27 shows the model of the entity framework and provision of a class for every table in the medical record. Every class contains a parameter which would be used to populate the class before sending the data to the view section in MVC structure.


Figure 27: Entity framework model

Once the user is successfully authenticated, the system checks his/her identity claim through the claim service provided by ASP.NET and links the user to the class that’s connected to his/her database table. When the user is successfully authenticated, the action link becomes visible to the user, as seen in figure 28, which, when clicked, would show users their own personal medical and private details.

The controller that controls all the action would be AccountController.cs. Once the link is clicked, the user would be redirected to the page which displays their details.

Figure 28: Home screen after authenticating user

The code that is used in the view page in order to display patients’ medical records can be seen below.


This would only display all the medical records in the table. However, if the users would like to view the pattern of their data in the form of a graph, they have the choice of clicking on the link that would redirect them to a new page that contains the graph of their data. The code that shows the action link, and the graph displayed after clicking it, are below.


Once the whole web application was set up, it was deployed over the cloud. In order to perform the web deployment, a test website was created in Microsoft Azure with the following settings:

Name                   Test0062.azurewebsites.net
CPU Time               1 HR/Day
Data Out Limit         165Mb/Day
File System Storage    1Gb
Memory Usage           1GB/Hr
Database Storage       250 Gb

Table 4: Specification of web server

4.7 Name Spaces used

Different namespaces and assemblies were used for different tasks throughout the implementation. Apart from the default namespaces and assemblies, the following assemblies were used in order to implement the system. Table 5 shows some of the namespaces used in order to implement different functionalities in the system.

Task                              Name Spaces
Connecting External ID Providers  Owin
                                  Microsoft.Security.Owin.Facebook
                                  Microsoft.Security.Owin.Google
                                  Microsoft.Security.Owin.Twitter
                                  Microsoft.Security.Owin.MicrosoftAccount
Data Simulation                   System.Data.SqlClient
                                  System.Threading
Data Encryption                   System.Security.Cryptography
                                  System.Threading.Task
Hashing Algorithm                 System.Security.Cryptography
                                  Org.BouncyCastle.Crypto
Web Integration                   System.Timers
                                  Facebook
                                  System.Diagnostics
                                  System.Newtonsoft.Json.Linq
                                  System.Text.RegularExpressions
                                  Tweetsharp
                                  System.Web.Routing

Table 5: NameSpaces Used


4.8 Conclusion

Thus, using Microsoft C#, ASP.NET MVC and Microsoft Azure, an e-health system was created where users can log in using their local credentials or by making use of federated ID providers. The libraries and assemblies used in order to implement the functionalities in the infrastructure can be seen in table 5.

The federated ID management system for external providers was implemented by making use of the System.owin namespace, which is readily available in ASP.NET MVC5. The web infrastructure was registered with every external ID provider, which gave the client ID and secret key in return. The client ID and secret key were used in the startup.cs class, which then integrated the external ID providers into the infrastructure. The use of federated ID follows the concept proposed by de Melo Silva, et al. (2014).

The security of the data was also implemented by using application level encryption, following the concept of Ding & Klein (2010), over C# on the data which were simulated by using C# and SQL queries in Visual Studio 2013. Symmetric key encryption was implemented by making use of the namespace security.cryptography, which provided the classes for AES encryption and triple DES encryption as seen in section 4.4. Similarly, the same namespace was utilized in order to produce the hash values of the keys used in the data encryption process (Section 4.5). Every user is allocated their own key in order to decrypt the data from the database, which according to Li, et al. (2013) ensures a high level of data security.

Similarly, the patients’ data were simulated by using random number generator in C#, and were utilized in the next chapter to evaluate the overall performance of the infrastructure.


5 Evaluation

5.1 Introduction

In chapter 4, a prototype for an e-health system was implemented, where a user can authenticate himself in the system and get access to his medical data. However, it is necessary to analyse the efficiency of the application in terms of security, privacy and simplicity. It is also necessary to analyse the time taken to carry out any task as, in the health care system, every second is valuable and can make a difference in terms of saving lives.

In this chapter, a setup for experimenting with different aspects of e-health is described (Section 5.2) and the results of those experiments (Section 5.3) are documented, which would be further analysed in Section 6.

5.2 Experiments

In order to evaluate the performance of the application, and the security and privacy of the external ID providers, many programmes were written.

5.2.1 External ID Providers

It was necessary to understand what data the external ID providers included in this project provided. Privacy has been quoted as one of the most important factors in the health care system. Thus, in order to analyse the user privacy and the information provided by external providers, a class was set up as shown below.


Then a method was set up in order to capture the access token from the external ID provider. Once the access token was captured, a regular expression was set up in order to identify the external provider that the access token belonged to, and to utilize that access token as a claim to get a JSON object from the provider, which was then converted to a string and displayed in the view screen.

However, this experiment wasn’t performed in case of Microsoft, as in order to setup Microsoft as an external provider and get the user details from Microsoft, a valid website with a valid domain was required. Once the access token was validated using the user claims, the model class was populated with the data and was sent to view, where the information that could be retrieved from the user was displayed.

This experiment would give us an idea about the trust in the federated ID provider, which was also discussed in literature review section 2.5.4. The code for the view page could be seen below.


Similarly, in order to analyse general public’s view about external ID providers and use of federated ID in terms of consuming the service provided by the service provider, a set of questionnaire was created that had questions related to the use of external ID providers to authenticate to a specific website or service.

Similarly, latency was another area that had to be focused on. In the health care system, every second is very valuable, thus it was important to measure how long each ID provider takes in order to authenticate the users. The time taken would be calculated once the user has entered his credentials with the external ID providers.

In order to calculate the time taken to authenticate the user, an instance of the Stopwatch class under the System.Diagnostics assembly was created and the start, stop and timespan methods were used in order to calculate the actual time.

5.2.2 Hashing Algorithms

Key management had been cited as one of the most important aspects in terms of implementing the security of the data. From section 4.5, it was seen that different hashing algorithms were used in order to hash the passwords which were used as the keys to the data. It was important to understand how secure those hashing algorithms were and how long it would take to crack the hashes that were used as the keys.


In order to evaluate the time taken to crack the hashes, every hash dump file that was retrieved from section 4.5 was run through John the Ripper and Ophcrack, which were available in Kali Linux, and the time taken to crack the hash dump was noted.

Figure 29: Using Rainbow table in oph crack

From figure 29 the dictionary used to perform the attack in oph-crack could be seen, whereas in figure 30 the command that is used for cracking the hash dump using john-the ripper could be seen

Figure 30: Using John-The Ripper

Similarly, hashcat (figure 31) was also used as one of the tools to crack the hashes in the password dump file. In order to create the password dictionary, the list of 1,000,000 most popular passwords were downloaded from the internet and saved as a dictionary, which was used to brute force attack the retrieved hashes.

Figure 31: Using HashCat

5.2.3 Comparing AES and DES

From section 4.4, it can be seen that the data were encrypted using 2 encryption methods, AES and DES. Although both of them use symmetric keys to encrypt the data, the key size for AES was set as 256 bits whereas DES only used 128 bits, thus the security aspect of those 2 encryption methods would be evaluated.

It was also required to evaluate the disk storage that the encrypted data required. Data encrypted with the 2 different encryption methods may consume different amounts of disk space, so it is necessary to evaluate the disk space consumed by the data under each encryption method, and also to understand what effect it might have on the overall cost of the system. The Microsoft Azure portal provides all of this information regarding disk usage.

Similarly, it was also necessary to evaluate the time taken for the system to display the data record to the users when using different forms of encryption. Time taken is always a critical part of the evaluation, and might have a huge effect on someone’s life. Thus the latency for decrypting the data in each encryption is evaluated.

In order to evaluate the latency in case of decryption, a class that would decrypt the AES encrypted data was created as shown below.

Similarly, a class that would decrypt the DES encrypted data was created as shown below.

Once these classes were created, they were used to decrypt the data stored in the database before displaying it to the user when the user chose to view the data. The time taken to decrypt the data and display it to the user, once they had asked for it by clicking the ActionLink, was calculated using the Stopwatch class in System.Diagnostics.


The elapsed times were written to a file and compared against each other, along with the time taken to display the data if the files were stored in plain text instead of being encrypted. The code below shows the calculation of the time taken by the AES decryptor to decrypt the data for each user when run through the 1000 users. The time taken by the DES decryptor was calculated in the same way.

5.2.4 Stress Test

A load test is one of the crucial factors in analysing the system requirements for the sustainability of the web server. It is always necessary that any web application is stress tested before the web site is made public. A stress test gives a developer an idea of the number of simultaneous users that the web server can sustain at a given time. The settings used while setting up the website can be found in section 4.6. In order to perform the load test, an online tool, BlazeMeter, was used to create simulated users of the web site, with 1000 iterations. This can be seen in figure 32.


Figure 32: Using Blazemeter to create simulation of users

5.3 Conclusion

The main aim of this chapter was to set up the experiments and parameters against which the different aspects of e-health included in section 4 could be evaluated. In order to evaluate the external providers in terms of data privacy and user info, the application programming interfaces (APIs) provided by the ID providers were utilized. Similarly, in order to compare the ID providers in terms of time taken to authenticate the users, the System.Diagnostics namespace was used to create the time stamp and elapsed time, which would provide the exact time taken. This has been detailed in section 5.2.1.

Likewise, the same concept of time stamps was used to compare the time taken by the two symmetric key encryption methods to decrypt the encrypted data. Similarly, password cracking tools such as John the Ripper, Ophcrack and hashcat were used to crack the hashes and calculate the time taken to perform the cracking. A load test was also performed in section 5.2.4, by simulating a number of users using the web application simultaneously, and the stress on the web site was calculated.

The results from the experiments and evaluation were extracted and would be analysed in the following chapter i.e. Section 6.


6 Analysis

6.1 Introduction

The main aim of this chapter is to consider the results from Section 5, and to evaluate and analyse them against different parameters.

The different external ID providers that were integrated in this infrastructure are compared against each other (Section 6.2), mainly in terms of the information provided by them and the time taken to authenticate the user in the system. Similarly, the different hash algorithms used in section 4.5 are evaluated (Section 6.3) in terms of the time taken to crack the hashes generated in section 4.5. Likewise, the encryption methods are compared (Section 6.4) in terms of the time taken (latency) to decrypt the data.

The importance of load and stress tests in a web application is discussed in section 5.2.4, thus the sustainability of the web application is also measured and analysed (Section 6.5) in terms of the number of users using the application simultaneously.

All the aspects of the e-health system implemented in section 4 are also compared against the previous work discussed in Section 2, in terms of different scenarios and parameters (Section 6.6, Section 6.7 and Section 6.8). Finally, the key findings are discussed and concluded in section 6.9.

6.2 Comparing External ID providers

Once the user had successfully authenticated with the external ID providers, the user information was requested as seen previously. Table 6 shows which items of user info were and were not provided by each external ID provider when requested.

Parameters     Google   Facebook   Twitter
Email          Yes      Yes        No
ID             Yes      Yes        Yes
Username       Yes      Yes        Yes
First Name     No       Yes        No
Last Name      No       Yes        No
Gender         No       Yes        No
Locale         No       Yes        Yes
Time zone      No       Yes        No
Account Link   Yes      Yes        No
Profile Pic    Yes      Yes        Yes

Table 6: Info provided by external users

Similarly, the time taken by every external provider in order to authenticate the user into the web site can be seen by the graph below in figure 33.


[Chart: Latency For External ID Providers. Series: Google, Facebook, Twitter. X-axis: UK Time-Zone (0:00 to 21:00). Y-axis: Time (s), 0 to 8.]

Figure 33: Graph comparing Latency for external ID providers

6.3 Comparing Hashing Algorithm

The graph in figure 34 shows the time taken to crack passwords in different hash algorithm.

[Chart: Time Taken to Crack Hashes. Categories: MD5, SHA1, LM/NTLM. Y-axis: Time (s), 0 to 180. Bar labels in extraction order: 127, 168, 141.]

Figure 34: Time taken to crack hash

The graph only shows the passwords that were cracked when a single hashing algorithm was used; when the hashes were salted, the passwords could not be retrieved. An attempt was made to crack the salted hashes using hashcat and John the Ripper, but they could not be cracked.

6.4 Comparing AES and DES

Figure 35 shows the disk storage used by the data while in plain text, while encrypted in AES and while encrypted using DES.


[Chart: Disk Storage Used. Categories: Plain Text, AES Encrypted, DES Encrypted. Y-axis: Disk Storage (MB), 0 to 600. Bar labels in extraction order: 156.38, 589.71, 428.16.]

Figure 35: Disk usage

Similarly, the latency for 1000 users was calculated for each method and compared. Figure 36 shows the graph of latency per 100 users for plain text, AES encrypted data and DES encrypted data.

[Chart: Latency for Encrypted Text. Series: Plain Text, AES, DES. X-axis: No. of Users (1-100 to 900-1000). Y-axis: Time (s), 0 to 1.2.]

Figure 36: Comparison of latency for different encryption method

6.5 Load Test Results

When the load test was performed on the web server by running multiple users simultaneously, the CPU time started going up along with the CPU memory usage, as can be seen in figure 37.

Figure 37: Footprints through web server in Microsoft Azure


Similarly, when the number of users using the website reached 49, with every user making 1000 iterations of requests, the website raised an alarm and eventually crashed. This can be seen in figures 38 and 39.

Figure 38: Status of the website in network monitor tool

Figure 39: Monitoring the website

All these activities were monitored using the Microsoft Azure cloud portal and the PRTG Network Monitor tool, which gave a real-time alarm if the website was overloaded.

6.6 Trust in External ID providers

Trust has always been the top priority amongst many people. From the experiments involving the external ID providers, it can be argued that external ID providers, especially social login providers, could not be trusted in terms of data privacy. It could be seen from section 6.2 and table 6 that Facebook gave almost all the information about the user to the service provider, whereas Google and Twitter also gave some part of the user information. According to Buchanan, et al. (n.d.), as discussed in section 2.5.4, trust is always a crucial factor in a federation of ID providers. The study from Buchanan, et al. echoes the view found by the evaluation, i.e. that Facebook is the least reliable and trustworthy in terms of data privacy.


According to the survey carried out by Buchanan, et al. (n.d.), 56% of users wouldn’t trust Facebook to access their e-health records, whereas out of 37 respondents to the survey carried out by us, only 1 user responded that they would trust Facebook to be their ID provider.

Figure 40: Analysing trust in id providers

Similarly, 25% of users would trust Google to be their ID provider, whereas according to Buchanan et al. (n.d.) only 5.88% of users would trust Google to access their e-health web site. There is a similar contrast in terms of people who would trust Twitter as their ID provider: according to Buchanan et al., around 10% of users would trust Twitter to authenticate them to an e-health record, whereas according to the survey carried out by us, only 2.86% of users would trust Twitter.

Likewise, Facebook has more latency while authenticating the user as compared to Google and Twitter. Although the average time taken by Facebook to authenticate the user is only about a second more than that of Google and Twitter, in a health care system even that one second might prove valuable and can make a huge difference.

6.7 Choice of Encryption Methodologies

From the evaluation of the hashing algorithms, it was concluded that keys or passwords stored using a single hashing algorithm could be easily cracked by a brute force or permutation attack. As stated by Buchanan (n.d.), with the use of parallel processing, multi-core computing and supercomputers such as Blue Gene, which is 1.8 million times more powerful than a standard PC, it does not take that long to crack a password by brute force.

However, the use of a password-based cryptography service, or the use of a salt when hashing the password, can give extra protection to the passwords. This might still not be the safest option; however, it takes extra effort to crack the password using this method, as the hash value changes every single time, compared to hashing without any salt value, in which the hash value for a given word or letter is always the same (Kumar, et al., 2013). Our experiments and results confirmed this: the passwords that had been salted could not be cracked by a brute force or dictionary attack, in contrast to those that were not salted.
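The difference described above between a single unsalted hash and a salted one can be checked directly. This is an added Python example, not code from the dissertation (whose implementation was in C#); the wordlist, account names, PBKDF2-HMAC-SHA256 and the iteration count are assumptions chosen for illustration, and all sample data is constructed.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: a tiny stand-in for a popular-password wordlist
# and three accounts, two of which share the same weak password.
WORDLIST = ["123456", "password", "letmein", "qwerty", "dragon"]
ACCOUNTS = {"alice": "letmein", "bob": "letmein", "carol": "Vx9#tq!2mK"}

SALT_BYTES = 16
PBKDF2_ITERATIONS = 100_000  # assumed work factor, tune for the deployment


def unsalted_hash(password, algorithm="sha1"):
    """Single unsalted digest: the same input always gives the same output."""
    return hashlib.new(algorithm, password.encode("utf-8")).hexdigest()


def pbkdf2_hex(password, salt, iterations=PBKDF2_ITERATIONS):
    """Salted, iterated digest (PBKDF2-HMAC-SHA256) as a hex string."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations
    ).hex()


def salted_record(password, salt=None):
    """Store a random per-user salt next to the salted digest."""
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)
    return {
        "salt": salt.hex(),
        "iterations": PBKDF2_ITERATIONS,
        "hash": pbkdf2_hex(password, salt),
    }


def verify_password(password, record):
    """Recompute with the stored salt and compare in constant time."""
    candidate = pbkdf2_hex(
        password, bytes.fromhex(record["salt"]), record["iterations"]
    )
    return hmac.compare_digest(candidate, record["hash"])


def build_lookup_table(wordlist, hash_fn):
    """Precompute digest -> password once for a given hash function."""
    return {hash_fn(word): word for word in wordlist}


def exposed_by_table(stored, table):
    """Audit helper: users whose stored value appears in a precomputed table."""
    return sorted(user for user, value in stored.items() if value in table)


def compare_storage_schemes():
    """Audit the unsalted and salted versions of ACCOUNTS against lookup tables."""
    unsalted = {user: unsalted_hash(pw) for user, pw in ACCOUNTS.items()}
    salted = {user: salted_record(pw) for user, pw in ACCOUNTS.items()}
    salted_values = {user: rec["hash"] for user, rec in salted.items()}

    # One table covers every unsalted dump made with the same algorithm.
    table_unsalted = build_lookup_table(WORDLIST, unsalted_hash)
    # A table built in advance cannot know each user's random salt; here it
    # is computed under an all-zero salt with otherwise identical parameters.
    table_presalted = build_lookup_table(
        WORDLIST, lambda word: pbkdf2_hex(word, bytes(SALT_BYTES))
    )
    return {
        "unsalted_exposed": exposed_by_table(unsalted, table_unsalted),
        "salted_exposed": exposed_by_table(salted_values, table_presalted),
        "unsalted_duplicates": unsalted["alice"] == unsalted["bob"],
        "salted_duplicates": salted_values["alice"] == salted_values["bob"],
        "salted_verifies": verify_password("letmein", salted["alice"]),
    }


if __name__ == "__main__":
    for key, value in compare_storage_schemes().items():
        print(f"{key}: {value}")
```

The salt only removes the benefit of precomputation and of identical hashes for identical passwords. A weak password can still be guessed one record at a time, which is what the iteration count slows down.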

In this system, user passwords are used as the respective keys to their data. This practice is not recommended, as it leaves both the data and the user identity vulnerable to a brute force attack. An alternative to this practice could be the generation of a random key for every user and the encryption of those keys. This method would protect the data from any dictionary attack that a hacker might attempt, and it would also give extra protection against brute force attacks.

Similarly, in terms of the performance comparison between AES and DES, it was argued in section 2.7 by Verma, et al. (2011) that AES has better throughput than DES. Similar views were echoed by Singh & Maini (2011), who found that the time taken to decrypt an encrypted text is less for AES than for DES or Triple DES. However, our experimentation shows different results: AES took longer to display the decrypted text than DES. The reason could be the application-level decryption, as the encrypted values are first read by the application, then decrypted, and only then made visible to the user, whereas the simulations performed by the above-mentioned authors were carried out on a single platform with no data transfers. In terms of security, AES is much more secure than DES, the main reason being that it uses a larger key size than DES.

6.8 Number of Cloud instances

From the evaluation of the website, it can be concluded that the infrastructure specifications used while setting up the website cannot sustain a huge number of simultaneous users. It is extremely important that the web server is running all the time and does not go down at any time. Thus, the memory and CPU allocated to the website need to be increased, or there needs to be provision for creating a new cloud instance once the user limit is reached. However, a low carbon footprint and the cost also need to be taken into account while performing this task.

6.9 Conclusions

The analysis of the results produced by the experiments suggests that the use of external ID providers, especially the social providers, should be reconsidered, as they are not trustworthy in terms of sharing private information. From section 6.2, it was concluded that social providers would give away much user information that the user may want to keep secret. This view is also shared by Buchanan, et al. (n.d.) in their paper.

Similarly, a comparison between the AES and DES encryption methods for data encryption was performed, and it was found that in the system designed, DES decrypts the encrypted data more quickly; however, through the discussion in section 6.7, it was concluded that the conditions used in the system could have had an impact on the rate of decryption.


This chapter also draws attention to the use of hashes in key management and stresses that hashing the key may not be the safest method of storing it. From section 6.3, it was concluded that password cracking tools would not take long to crack the hash of a password by means of a brute force or dictionary attack (Buchanan, n.d.).

This chapter also provides an analysis of the web server requirements for the continuous operation of the system, and the number of cloud instances required in different conditions. It also stresses the importance of a low carbon footprint and low-cost measures while choosing the cloud environment.


7 Conclusion

7.1 Introduction

This chapter gives an overview of how the main aim and objectives that were set at the beginning of this project were met (Section 6.2). It also analyses the overall project by providing a critique of the designed system (Section 6.3) and comparing it against previous e-health systems. It also gives a reflection (Section 6.4) on the difficulties faced during the project, along with the methods followed to overcome them and the skills learned through the course of the project. The chapter concludes with a discussion of possible future work (Section 6.5) that could be performed in this area.

7.2 Meeting the Objectives

From section 1.3, the initial objectives of the project were set as:

Produce a literature review on authentication measures for e-health system over the cloud, focusing on federated identity management system, authorization measures, access control and data security

Design and implement a user interface for users to authenticate themselves to get the access to the resources in the application.

Evaluate effectiveness and performance of the application by simulating a certain number of users to consume services simultaneously. Also evaluate the vulnerability and data security of the user data by performing white box pen testing.

7.2.1 Objective 1

The first objective was met by providing a detailed literature review on cloud computing and e-health systems. The current state of e-health care systems in different parts of the world was discussed, and different frameworks that had been proposed for the implementation of e-health systems were reviewed. It was established that data security and privacy are the major components of an e-health system, alongside authentication and authorization. Detailed research was also carried out on the Federated ID management system, which is believed to be the next generation authentication infrastructure. There was also a detailed review of data encryption methods in order to work towards data security.

From literature review, it was concluded that e-health system still faces lots of challenges from different aspects of IT and computing. It also faces many challenges from user perspective, as the user needs to be totally convinced in terms of data security and privacy, before they accept this system. Thus, it was necessary to produce an e-health infrastructure, which would be focused on the user and their convenience, along with maintaining the basic requirements of an e-health infrastructure i.e. data security and user privacy. From the literature review, the following requirements were extracted that were considered during the design of the system:

Use of Federated ID Management system to save users from creating and remembering complex passwords

Data Encryption, in order to protect user’s sensitive data from being revealed to unwanted third party. Use of hashing algorithms in key management.


Deployment of the web application to cloud infrastructure.

7.2.2 Objective 2

The second objective of designing and implementing a user interface that allowed users to authenticate themselves to the system and get access to their data was met. The user interface was designed using ASP.NET MVC5 and different libraries in C#. User data were stored in the SQL database on the Microsoft Azure cloud. The use of tools and platforms was justified in section 3.3.

External ID providers were chosen in order to create a federation of ID management and were successfully connected to the web system. Likewise, data encryption was performed using application-level encryption through Visual Studio 2013, and once all the tasks on the development server were completed, the application was deployed to the Azure cloud system and made available for evaluation.

7.2.3 Objective 3

The third objective was met by evaluating different aspects of data security and system performance. A few applications were created in C# in order to carry out the performance analysis of the methodologies used in the implementation. Likewise, a few external tools were used to simulate a particular number of users using the application at the same time. Similarly, the details of the performance of the web server could be extracted using the Microsoft Azure web portal. This gave a broad analysis of the infrastructure required to implement the e-health system in a real life scenario.

7.3 Critical Analysis

This section discusses the strengths and weaknesses of the designed system in relation to the frameworks that were discussed in the literature review. Although the main aim and all the objectives have been met, it is necessary to acknowledge that there are a few limitations in this system.

The major shortcoming of this system is that it doesn’t have provision for sharing of data with other users. From literature review, it was concluded that data sharing is one of the important aspects in an efficient and effective e-health system (Russello, et al., 2008). However, the health system designed in this project doesn’t cover that aspect, as it required extensive work on access control policy. This couldn’t be achieved due to the time constraint and lack of required skills in XML policy languages.

Early warning score is another area that couldn’t be evaluated with this system. It is necessary to identify the risk if the data pattern is abnormal, and alert the users as quickly as possible (Fan, et al., 2011). However, this feature was not included in this system, because all the data that are used in this system are simulated by making the use of Random number generator, and even if the early warning system would have been integrated, it wouldn’t be realistic as compared to the real life scenario.

Despite these shortcomings, this system covers the authentication and data security through the means of encryption. Authentication is one of the major requirements in an e-health system. This system covers the authentication of user to the system either by the means of single sign on log in through federated identity, or by using local account to log in. Either way, users can be assured that they are authenticated securely.


Data security is another area that has been covered by this system. Different means of encryption and layers of security were applied to the user data, so that the confidentiality and integrity of the data remained intact. The use of symmetric key encryption, along with encryption of the key used for encrypting the data, has provided an extra layer of security to the data in the database. However, as discussed in section 2.3, the selection of the key was an area of concern. Since the keys used to encrypt the data were the same as the users' passwords to the local account, an intruder could get access to the key by performing a brute force or dictionary attack, which would then result in the loss of confidentiality of the data. Moreover, the attacks performed were all offline attacks, so, in order to analyse the vulnerability of the system, some online attacks using tools such as Hydra or Burp Suite could be performed.

This project also provides a reflection on use of social accounts as an ID provider. It can act as a benchmark in terms of comparison between the social accounts as an ID provider in terms of data privacy and latency in authentication.

This project can also provide the rough idea about the system requirement in order to develop a web based infrastructure for e-health. Although the simulated users are negligible compared to the possible real life users, it provides developers a guideline to set the infrastructure in terms of number of expected users, thus giving the reflection on the cost of the overall system.

7.4 Reflection

Designing and implementing an e-health infrastructure was a huge challenge in itself because of the number of subject areas involved. Thus it was necessary to focus on one or two areas and perform in-depth research on them. At the start of this project, the main aim and objectives were not clear, as there were lots of things that could be done in relation to security in e-health. Even during the research in relation to e-health, the main target of the project was not clear. Thus thorough research was performed on all aspects of e-health.

During the initial stage of the project, the focus was on federated ID management. A detailed literature review was carried out on the different types of existing federations and the process of single sign-on. The focus then shifted towards connecting the web application with Microsoft HealthVault; however, after spending quite a bit of time, there were no fruitful results in integrating HealthVault into the project. Thus, the idea of using Microsoft HealthVault was dropped and the focus was put on creating a dedicated database with its own data sets and users.

In order to do this, there were some skills that were required to be learnt. That involved making the use of SQL commands and queries. However, after learning some tutorials and some videos, it was possible to perform SQL queries through C#.

XACML was another area where the research was done, however, just like Microsoft Health Vault, after spending some time, the security based policy didn’t produce the expected results. Thus, it was necessary to implement some other security measures instead of implementing the authorization policy to protect the unauthorised access of data. At that time, after doing some research on previously implemented frameworks on e-health, data encryption using symmetric key was implemented. Thus this project was mainly focused towards implementing user authentication and maintaining data security using encryption methods.

In terms of project management, this project has been successfully managed from start to finish. A time plan was created at the start of the project and every attempt was made to remain on the right track throughout the project. At certain points it felt as if the project was falling behind schedule, especially when a couple of tasks did not give the right results and alternatives had to be decided on; however, with continuous work and dedication, the project was brought back on track. Moreover, the weekly meetings with the supervisor also helped a lot in keeping the project on track and not deviating elsewhere.

Having only had basic skills in C#, the completion of this project helped gain valuable skills, from basic SQL and cloud computing to more advanced web skills and cryptography skills. Thus, this project has been a great learning curve in acquiring new skills and understanding the subject areas of web skills, SQL, data security and cryptography, and cloud computing.

7.5 Future Works

The e-health system has great potential to take over from the typical health care system around the world. Along with great benefits and excitement, it also brings a lot of challenges in terms of its adoption by the general public. The prototype presented in this project outlines some of the major requirements of an e-health system; however, there is a great amount of research yet to be done in this area.

Further research needs to be done on the use of single sign-on to allow authentication in the e-health system. The health regulation bodies around the world could form a federation together so that patients from different countries could use a federation of health care to authenticate themselves. Furthermore, the trust issue is an essential matter that needs additional attention while performing authentication with federated bodies.

Similarly, the introduction of multi-factor authentication is the future of authentication in the health care system. The use of biometrics or iris scans can provide an extra layer of protection on top of the traditional username and password combination. Similarly, 3 factor or even 4 factor authentication, as discussed previously in the literature review section 2.4.2.1, should be introduced in order to authenticate the user to an e-health system.

One of the major flaws that could be cited in this project was key management. Key management is always important in terms of data security, and it is good practice to have a separate key for each user. The key underpins the overall data security of the system, which implies that additional research should be carried out on the encryption of keys.

Data sharing is another area that needs extensive work. It is always difficult to determine the correct policy that includes all the parties and satisfies the security structure of an organization. The use of XACML has been proposed, while its uncharacteristic decision-making nature during a conflict of policy raises questions about its use. Thus, further research needs to be performed on the authorization policy and security structure in an organization, and on the integration of an early warning system in the e-health system, as it allows more time for patients to get medication or take precautions in relation to the alert that has been generated. An alert should be generated as soon as the data pattern is abnormal, so that the patient is aware of his/her health status.

As stated previously, the NHS plans to implement an e-health system by 2020 (Government, 2015). It is necessary to perform an intrinsic and inclusive load test to analyse the performance of the system when ready, as it needs to cover 64 million people. Although this project provides a basic idea about the infrastructure requirements, it is limited to 50 people, which does not suffice to provide an overall estimation of the system requirements. It is also necessary to do the load test in order to estimate the budget for the e-health system. Although the cloud has become cheaper recently, when it comes to providing cloud service for a population of over 64 million, the cost also increases.


8 References

AbuKhousa, E., Mohamed, N. & Al-Jaroodi, J., 2012. e-Health cloud: opportunities and challenges. Future Internet, 4(3), pp. 621-645.

Adams, C., 2011. Kerberos Authentication Protocol. In: Encyclopedia of Cryptography and Security. s.l.:Springer, pp. 674-675.

Al-Janabi, S. T. & Rasheed, M. A.-s., 2011. Public-key cryptography enabled kerberos authenticaiton. In: Developments in E-systems engineering (DeSE). s.l.:IEEE, pp. 209-214.

Alliance, L., 2002. Liberty alliance project. [Online] Available at: http://www.projectliberty.org

Alsaleh, M. & Adams, C., 2006. Enhancing consumer privacy in the liberty alliance identity federation and web services frameworks. In: Privacy Enhancing Technologies. s.l.:Springer, pp. 59-77.

Al-Taee, M. A., Sungoor, A. H., Abood, S. N. & Philip, N. Y., 2013. Web-of-Things inspired e-Health platform for integrated diabetes care management. In: Applied Electrical Engineering and Computing Technologies (AEECT), 2013 IEEE Jordan Conference on. s.l.:IEEE, pp. 1-6.

Anderson, A., 2005. A comparison of two privacy policy languages: EPAL and XACML. s.l.:Sun Microsystems, Inc.

Anderson, J. G., 2007. Social, ethical and legal barriers to e-health. International journal of medical informatics, 76(5), pp. 480-483.

Andreassen, H. K. et al., 2007. European citizens' use of E-health services: a study of seven countries. BMC public health, 7(1), p. 53.

Anon., 2005. Liberty Alliance project white paper: Liberty ID-WSF people service-Federated social identity, s.l.: s.n.

Anon., 2011. National strategy for Trusted Identities in Cyberspace. [Online] Available at: http://www.whitehouse.gov/sites/default/files/rss_viewer/NSTICstrategy_041511.pdf [Accessed 20 October 2014].

Anon., 2014. Eurostat. [Online] Available at: http://ec.europa.eu/eurostat/statistics-explained/index.php/Cloud_computing_-_statistics_on_the_use_by_enterprises [Accessed 19 01 2015].

Anon., n.d. Centre for Retail Research. [Online] Available at: http://www.retailresearch.org/onlineretailing.php

Anon., n.d. Cloud Computing Statistics. [Online] Available at: http://siliconangle.com/blog/2014/01/27/20-cloud-computing-statistics-tc0114/ [Accessed 19 01 2015].

Armando, A. et al., 2008. Formal analysis of SAML 2.0 web browser single sign-on: breaking the SAML-based single sign-on for google apps. In: Proceedings of the 6th ACM workshop on Formal methods in security engineering. s.l.:ACM, pp. 1-10.

Armstrong, D. et al., 2005. Potential impact of the HIPAA privacy rule on data collection in a registry of patients with acute coronary syndrome. Archives of Internal Medicine, 165(10), pp. 1125-1129.

Ashley, P. et al., 2003. Enterprise privacy authorization language (EPAL 1.2). Submission to W3C.

Ball, M. J. & Lillis, J., 2001. E-health: transforming the physician/patient relationship. International journal of medical informatics, 61(1), pp. 1-10.

BBC, 2010. Has new technology taken over our lives?. [Online] Available at: http://www.bbc.co.uk/blogs/legacy/haveyoursay/2010/08/has_new_technology_taken_over.html [Accessed 20 03 2015].

BeanSoftware, 2014. Easy Intro to ASP.NET MVC. [Online] Available at: http://www.beansoftware.com/ASP.NET-Tutorials/Intro-ASP.NET-MVC.aspx [Accessed 02 2015].

Benhamou, P.-Y., 2011. Improving diabetes management with electronic health records and patients’ health records. Diabetes and metabolism, Volume 37, pp. 53-56.

Bertino, E., Paci, F., Ferrini, R. & Shang, N., 2009. Privacy-preserving Digital Identity Management for Cloud Computing. IEEE Data Eng. Bull., 32(1), pp. 21-27.

Blaya, J. A., Fraser, H. S. & Holt, B., 2010. E-health technologies show promise in developing countries. Health Affairs, 29(2), pp. 244-251.

Brainard, J. et al., 2006. Fourth-factor authentication: somebody you know. In: Proceedings of the 13th ACM conference on Computer and communications security. s.l.:ACM, pp. 168-178.

Brostoff, S., Jennet, C., Malheiros, M. & Sasse, M. A., 2013, November. Federated Identity to Access e-Government Services: Are Citizens Ready for This?. In: Proceedings of the 2013 ACM workshop on Digital Identity Management. s.l.:ACM, pp. 97-108.

Buchanan, W. J. et al., n.d. Who Would You Trust To Identify You In Accessing Your Health. In: Communications in Computer and Information Science. Edinburgh: Springer.

Buchanan, W. J., n.d. [Online] Available at: http://billatnapier.com/unit03.pdf

Buecker, A. et al., 2005. Federated Identity Management and Web Services Security. IBM Redbook.

Buecker, A. et al., 2005. Federated identity management and web services security with IBM tivoli security solutions, s.l.: s.n.

Burr, W. E., Dodson, D. F. & Polk, W. T., 2006. Electronic authentication guideline. [Online] Available at: http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63V1_0_2.pdf

Chadwick, D. W., 2009. Federated Identity Management. In: A. Aldini, G. Barthe & R. Gorrieri, eds. Foundations of Security Analysis and Design V. Berlin Heidelberg: Springer, pp. 96-120.

Dahbur, K., Mohammad, B. & Tarakji, A. B., 2011. A survey of risks, threats and vulnerabilities in cloud computing. In: Proceedings of the 2011 International conference on intelligent semantic Web-services and applications. s.l.:ACM, p. 12.

Dansky, K. H., Thompson, D. & Sanner, T., 2006. A framework for evaluating eHealth research. Evaluation and program planning, 29(4), pp. 397-404.

de Melo Silva, L., Araujo, R., da Silva, F. L. & Cerqueira, E., 2014. A new architecture for secure storage and sharing of health records in the cloud using federated identity attributes. In: e-Health Networking, Applications and Services (Healthcom), 2014 IEEE 16th International Conference on. s.l.:IEEE, pp. 194-199.

Delfs, H. & Knebl, H., 2007. Symmetric-key encryption. In: Introduction to Cryptography. s.l.:Springer, pp. 11-31.

DiabetesUk, 2015. Diabetes UK. [Online] Available at: http://www.diabetes.org.uk/Guide-to-diabetes/What-is-diabetes/ [Accessed 06 04 2015].

Ding, Y. & Klein, K., 2010. Model-driven application-level encryption for the privacy of e-health data. In: Availability, Reliability, and Security, 2010. ARES'10 International Conference on. s.l.:IEEE, pp. 341-346.

Dua, G., Gautam, N., Sharma, D. & Arora, A., 2013. Replay Attack Prevention in Kerberos Authentication Protocol Using Triple Password. arXiv preprint arXiv:1304.3550.

Ekonomou, E., Fan, L., Buchanan, W. & Thuemmler, C., 2011. An integrated cloud-based healthcare infrastructure. In: Cloud Computing Technology and Science (CloudCom), 2011 IEEE Third International Conference on. s.l.:IEEE, pp. 532-536.

El Maliki, T. & Seigneur, J.-M., 2007. A survey of user-centric identity management technologies. In: Emerging Security Information, Systems, and Technologies, 2007. SecureWare 2007. The International Conference on. s.l.:IEEE, pp. 12-17.

Eysenbach, G., 2001. What is e-health?. Journal of medical Internet research, 3(2).

Fan, L. et al., 2011. DACAR platform for eHealth services cloud. In: Cloud Computing (Cloud), 2011 IEEE International Conference on. s.l.:IEEE, pp. 219-226.

Fengou, M. et al., 2013. A new framework architecture for next generation e-health services. Biomedical and Health Informatics, IEEE Journal of, 17(1), pp. 9-18.

Florencio, D. & Herley, C., 2007. A large-scale study of web password habits. In: Proceedings of the 16th international conference on World Wide Web. s.l.:ACM, pp. 657-666.

Ford, D. V. et al., 2009. The SAIL Databank: building a national architecture for e-health research and evaluation. BMC Health Services Research, 9(1), p. 157.

Gaedke, M., Meinecke, J. & Nussbaumer, M., 2005. A modeling approach to federated identity and access management. In: Special interest tracks and posters of the 14th international conference on World Wide Web. s.l.:ACM, pp. 1156-1157.

Gao, H. et al., 2008. Yagp: Yet another graphical password strategy. In: Computer Security Applications Conference, 2008. ACSAC 2008. Annual. s.l.:IEEE, pp. 121-129.

Gomes, H., Cunha, J. P. & Zuquete, A., 2007. Authentication architecture for eHealth professionals. In: On the Move to Meaningful Internet Systems 2007: CoopIS, DOA, ODBASE, GADA, and IS. s.l.:Springer, pp. 1583-1600.

Goodin, D., 2012. 25-GPU cluster cracks every standard Windows password in <6 hours | Ars Technica. [Online] Available at: http://arstechnica.com/security/2012/12/25-gpu-cluster-cracks-every-standard-windows-password-in-6-hours/ [Accessed 13 02 2015].

Goodner, M. et al., 2007. Understanding ws-federation. Microsoft and IBM.

Government, S., 2015. e-health. [Online] Available at: http://www.ehealth.scot.nhs.uk/wp-content/uploads/Health-Social-Care-Information-Sharing-A-Strategic-Framework-2014-2020.pdf [Accessed 02 04 2015].

Grobauer, B., Walloschek, T. & Stocker, E., 2011. Understanding cloud computing vulnerabilities. Security & privacy, IEEE, 9(2), pp. 50-57.

Grossman, R. L., 2009. The case for cloud computing. IT professional, 11(2), pp. 23-27.

Hall, R. E., 2012. This Land of Strangers: The Relationship Crisis That Imperils Home, Work, Politics, and Faith. 1 ed. Austin, TX: Greenleaf Book Group Press.

Han, S., Skinner, G., Potdar, V. & Chang, E., 2006. A framework of authentication and authorization for e-health services. In: Proceedings of the 3rd ACM workshop on Secure web services. s.l.:ACM, pp. 105-106.

Hardt, D., 2012. The OAuth 2.0 authorization framework. s.l.:s.n.

Heck, C., Petry, D. & Marques, J. L. B., 2013. Development of an e-Health System to Detect Autonomic Neuropathy in Individuals with Diabetes. In: V Latin American Congress on Biomedical Engineering CLAIB 2011 May 16-21, 2011, Habana, Cuba. s.l.:Springer, pp. 1288-1291.

HIPAA, 2013. Health Information Privacy. [Online] Available at: http://www.hhs.gov/ocr/privacy

Hsu, J. et al., 2005. Use of e-Health services between 1999 and 2002: a growing digital divide. Journal of the American Medical Informatics Association, 12(2), pp. 164-171.

Inzucchi, S. et al., 2012. Management of hyperglycaemia in type 2 diabetes: a patient-centered approach. Position statement of the American Diabetes Association (ADA) and the European Association for the Study of Diabetes (EASD). Diabetologia, 55(6), pp. 1577-1596.

Jensen, J., 2011. Benefits of federated identity management - A survey from an integrated operations viewpoint. In: Berlin Heidelberg: Springer, pp. 1-12.

Jha, A. K. et al., 2008. The use of health information technology in seven nations. International journal of medical informatics, 77(22), pp. 848-854.

Josang, A. et al., 2005. Trust requirements in identity management. In: Proceedings of the 2005 Australasian workshop on Grid computing and e-research-Volume 44. s.l.:ACM, pp. 99-108.

Kelley, P. G. et al., 2012. Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms. In: Security and Privacy (SP), 2012 IEEE Symposium on. s.l.:IEEE, pp. 523-537.

Kumar, H. et al., 2013. Rainbow table to crack password using MD5 hashing algorithm. In: Information & Communication Technologies (ICT), 2013 IEEE Conference on. s.l.:IEEE, pp. 433-439.

Kumari, A. & Kushwaha, D. S., 2011. Kerberos Style Authentication and Authorization through CTES Model for Distributed Systems. In: Computer Networks and Intelligent Computing. s.l.:Springer, pp. 457-462.

Landau, S. & Moore, T., 2012. Economic Tussles in Federated Identity Management. First Monday, 17(10).

Leandro, M. A. et al., 2012. Multi-tenancy authorization system with federated identity for cloud-based environments using shibboleth. In: ICN 2012, The Eleventh International Conference on Networks. s.l.:s.n., pp. 88-93.

Li, C.-T. & Hwang, M.-S., 2010. An efficient biometrics-based remote user authentication scheme using smart cards. Journal of Network and Computer Applications, 33(1), pp. 1-5.

Li, M. et al., 2013. Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption. Parallel and Distributed Systems, IEEE Transactions on, 24(1), pp. 131-143.

Lohr, H., Sadeghi, A.-R. & Winandy, M., 2010. Securing the e-health cloud. In: Proceedings of the 1st ACM International Health Informatics Symposium. s.l.:ACM, pp. 220-229.

Lonea, A. M., Tianfield, H. & Popescu, D. E., 2013. Identity management for cloud computing. In: New Concepts and Applications in Soft Computing. s.l.:Springer, pp. 175-199.

Lounis, A., Hadjidj, A., Bouabdallah, A. & Challal, Y., 2012. Secure and scalable cloud-based architecture for e-health wireless sensor networks. In: Computer communications and networks (ICCCN), 2012 21st international conference on. s.l.:IEEE, pp. 1-7.

Madsen, P., Koga, Y. & Takahashi, K., 2005, November. Federated Identity Management for Protecting Users from ID Theft. In: Proceedings of the 2005 workshop on Digital Identity Management. s.l.:ACM, pp. 77-83.

Mair, F. S. et al., 2012. Factors that promote or inhibit the implementation of e-health systems: an explanatory systematic review. Bulletin of the World Health Organization, 90(5), pp. 357-364.

Maler, E. & Reed, D., 2008. The Venn of Identity. IEEE Security and Privacy, 6(2), pp. 16-23.

Mantas, G., Lymberopoulos, D. & Komninos, N., 2009. Integrity mechanism for ehealth tele-monitoring system in smart home environment. In: Engineering in Medicine and Biology Society, 2009. EMBC 2009. Annual International Conference of the IEEE. s.l.:IEEE, pp. 3509-3512.

Mazzoleni, P., Crispo, B., Sivasubramanian, S. & Bertino, E., 2008. XACML policy integration algorithms. ACM Transactions on Information and system security (TISSEC), 11(1), p. 4.

Mbanaso, U. M., Cooper, G., Chadwick, D. W. & Proctor, S., 2006. Privacy preserving trust authorization framework using XACML. In: Proceedings of the 2006 International Symposium on World of Wireless, Mobile and Multimedia Networks. s.l.:IEEE Computer Society, pp. 673-678.

Mell, P. & Grance, T., 2011. The NIST definition of cloud computing. s.l.:Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology.

Mercuri, R. T., 2004. The HIPAA-potamus in health care data security. Communications of the ACM, 47(7), pp. 25-28.

Microsoft, 2015. ASP.NET. [Online] Available at: http://www.asp.net/mvc [Accessed 02 2015].

Morgan, R. et al., 2004. Federated Security: The Shibboleth Approach. Educause Quarterly, 27(4), pp. 12-17.

Ni, Q. et al., 2010. Privacy-aware role-based access control. ACM Transactions on Information and System Security (TISSEC), 13(3), p. 24.

Oladimeji, E. A., Chung, L., Jung, H. T. & Kim, J., 2011. Managing security and privacy in ubiquitous eHealth information interchange. In: Proceedings of the 5th International Conference on Ubiquitous Information Management and Communication. s.l.:ACM, p. 26.

Parliament, B., 1998. Data protection act of 1998. s.l.:s.n.

Peyton, L., Hu, J., Doshi, C. & Seguin, P., 2007. Addressing privacy in a federated identity management network for ehealth. In: Management of eBusiness, 2007. WCMeB 2007. Eighth World Congress on the. s.l.:IEEE, p. 12.

Riedl, B., Grascher, V. & Neubauer, T., 2008. A Secure e-Health Architecture based on the Appliance of Pseudonymization. Journal of Software, 3(2), pp. 23-32.

Rimal, B. P., Choi, E. & Lumb, I., 2009. A taxonomy and survey of cloud computing systems. In: INC, IMS and IDC, 2009. NCM'09. Fifth International Joint Conference on. s.l.:IEEE, pp. 44-51.

Rouse, M., 2011. Model-View-Controller. [Online] Available at: http://whatis.techtarget.com/definition/model-view-controller-MVC [Accessed 02 2015].

Rozenblum, R. et al., 2011. A qualitative study of Canada’s experience with the implementation of electronic health information technology. Canadian Medical Association Journal, 183(5), pp. 281-288.

Russello, G., Dong, C. & Dulay, N., 2008. A workflow-based access control framework for e-health applications. In: Advanced Information Networking and Applications-Workshops, 2008. AINAW 2008. 22nd International Conference on. s.l.:IEEE, pp. 111-120.

Sanchez, M., Lopez, G., Gomez-Skarmeta, A. F. & Canovas, O., 2008. Using Microsoft Office InfoPath to generate XACML policies. In: E-Business and telecommunication networks. s.l.:Springer, pp. 134-145.

Shim, S. S., Bhalla, G. & Pendyala, V., 2005. Federated identity management. Computer, 38(12), pp. 120-122.

Singh, S. P. & Maini, R., 2011. Comparison of data encryption algorithms. International Journal of Computer Science and Communication, 2(1), pp. 125-127.

Spanakis, E. G. et al., 2012. Diabetes management using modern information and communication technologies and new care models. Interactive journal of medical research, 1(2).

Sudha, M., 2012. Enhanced security framework to ensure data security in cloud computing using cryptography. Advances in Computer Science and its Applications, 1(1), pp. 32-37.

Sultan, N., 2010. Cloud computing for education: A new dawn?. International Journal of Information Management, 30(2), pp. 109-116.

Sun, S.-T. & Beznosov, K., 2012. The devil is in the (implementation) details: an empirical analysis of OAuth SSO systems. In: Proceedings of the 2012 ACM conference on Computer and communications security. s.l.:ACM, pp. 378-390.

Thakur, J. & Kumar, N., 2011. DES, AES and Blowfish: Symmetric key cryptography algorithms simulation based performance analysis. International journal of emerging technology and advanced engineering, 1(2), pp. 6-12.

Verma, O., Agarwal, R., Dafouti, D. & Tyagi, S., 2011. Performance analysis of data encryption algorithms. In: Electronics Computer Technology (ICECT), 2011 3rd International Conference on. s.l.:IEEE, pp. 399-403.

Wang, Y.-y., Liu, J.-y., Xiao, F.-x. & Dan, J., 2009. A more efficient and secure dynamic ID-based remote user authentication scheme. Computer communications, 32(4), pp. 583-585.

Wilkowska, W. & Ziefle, M., 2012. Privacy and data security in E-health: Requirements from the user's perspective. Health informatics journal, 18(3), pp. 191-201.

Wilson, E. V. & Lankton, N. K., 2004. Modeling patients' acceptance of provider-delivered e-health. Journal of the American Medical Informatics Association, 11(4), pp. 241-248.

Yang, G., Wong, D. S., Wang, H. & Deng, X., 2008. Two-factor mutual authentication based on smart cards and passwords. Journal of Computer and System Sciences, 74(7), pp. 1160-1172.

Yan, L., Rong, C. & Zhao, G., 2009. Strengthen cloud computing security with federal identity management using hierarchical identity-based cryptography. In: Cloud Computing. s.l.:Springer, pp. 167-177.

Appendix 1 Initial Project Overview

Name: Biraj Prajapati

Title: Next generation authentication for cloud based services

Matriculation No: 40062051

Introduction

As stated in Paul Madsen's work, “In today's online world, the oft-repeated saying 'it's not what you know, it's who you know' is very apt.” Federated identity has become one of the most popular topics in today's world of Internet and technology.

Many organizations these days are looking for ways to improve their business, expand the reach of their contacts and make the reach of their services wider. Cloud computing has come across as the solution for all the queries that the organizations face. According to NIST, “Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”

Cloud computing is a very popular and fast growing technology in this modern world. It is being used more and more these days because of its ease of use and cost efficiency. However, with the growing technology, more people and organizations are concerned about secure ways of managing data over the internet. The consequences of identity leakage might be severe for an individual or an organization. In the current state of the online world, information is being exchanged around the globe in seconds using advanced technology. Hence, there has to be a means or a standard that would allow a client to access a server resource on behalf of a resource owner.

The study shows that there are more than a billion websites that are active at this time. Most of those websites are created to provide services that users consume in their day to day life. Every time a user consumes a new web service, they have to create new credentials. Most users find this time consuming, and many of them forget their credentials to enter the website. This is one of the reasons for the creation of federated identity. Users can use their credentials from a few selected web services that provide access tokens to verify their identity in order to use a different web service.

Currently, there are a few web services that act as identity providers in order to provide authorization on behalf of the user. Facebook, Twitter, Microsoft, Google, etc. are a few of them. They use authentication protocols to provide the authentication. SAML, OpenID and OAuth are a few of the popular authentication protocols that exist at the moment. However, different private and government organizations may not prefer the use of these protocols as their identity management system, as they lack anonymity and the data might be misused. There is also the possibility of people falling victim to data phishing.

This project will investigate these protocols further, to provide the end user with a secure identity management system which will integrate with role-based security for cloud based services. We would integrate and evaluate this system for an e-health service, so that e-health users can log in to their account in a secure way, which enables them and the selected health personnel to access their personal and medical records.

Deliverables

Investigation of authentication infrastructure and usage of protocols such as SAML, OAuth, etc. in current cloud based services
Design of a role based system with identity management
Implementation of an integration authentication infrastructure with services provided from the cloud, especially e-health, and role-based security applied to them
Evaluation of the performance of the infrastructure

Target Audience for the Deliverables:

Cloud based services are very popular in the current market. Almost all business and public organizations are moving to cloud based web services because they are cost efficient and easy to use. Hence, the end product of this project, i.e. a secure identity management system, can be used by any industry that provides web services via the cloud. Since this system would be built mainly for the purpose of providing a secure web service for e-health, it can be used by any health organization or health professional that adapts to the latest technologies and keeps patients' records. Hence, this authentication tool would be used mainly by e-health services.

The Work to be undertaken:

As a part of the literature review, research would be done on authentication methods.
We would review a few of the authentication protocols, such as OAuth, Kerberos, SAML and EduRoam. We would also produce a review of popular identity providers such as Facebook, Google and MiiCard, and of the trust level for each identity provider. We would review compliance regulation within healthcare so that all the laws are taken into account when storing health care data. We would also produce a review of cryptography and encryption methods.

In our design part, we would select the framework where all the work would be carried out. Then we would create the base model of the system and also the database. Azure would be used to store the database that contains the patients' data. The framework that would be used to build this system is .NET.

We would then start putting our design into practice by populating the database with patients' data. We would write SQL queries for this. We would also make sure that the data are encrypted with the correct encryption methods. While coding for .NET, we would make sure that people with a certain role have access to certain data, so that role based security is implemented in this system. After we have everything ready, we would deploy our system to the cloud.

To evaluate the system, we would simulate a large number of users using the system at the same time, and analyse the speed and performance of the system. We would also simulate a DoS attack and run NMAP and a pen test against our system to make sure that it is secure.

Additional Information/ Knowledge Required:

The concept of a database needs to be understood. We would require knowledge of SQL queries. We would need to understand the encryption methods that keep the patients' records safe. We would also need to learn more about the possible threats or attacks that the database might face. We would need to have a deep understanding of cloud systems and database systems. For the development phase, we will need previous experience in ASP.NET and in working in a virtual environment. We will also need knowledge of the Azure cloud, and of how to build an application and deploy it to the cloud for online services.

Information Sources that provide a context for the project:

In order to do the literature review, I would go through research papers in the related field. Research papers that have information about the authentication protocols, their cons and advantages, would be used. We would also study past work done in the field of e-health and its approach towards the development of the infrastructure.

The MSDN website would be an ideal help to learn more about the Azure cloud and its features. We can also learn about development in the C#/.NET environment from this website. To gain more understanding of ASP.NET, we would use http://www.w3schools.com/aspnet/.

Finally, we would also consult some lecturers and research students for their advice and feedback in this context.

Importance:

We are all aware that internet security is one of the growing concerns in today’s technology.
This project will acknowledge the issues that an organization might face while deploying its services to the fast growing cloud technology. This project is also important for making use of technology in the health sector. The health sector is one of the areas that demands great digitalization. The big data that we retain from these services could be used to analyse and solve many issues in the medical and pharmaceutical world. This project will also answer the question that common people have while consuming a web service, i.e. is it safe to use a single sign-on system?

The key challenges to be overcome:

The major challenge for this project would be the time constraint. There is a lot of work to be undertaken, a lot of research to be done and a lot of skills to be learned. However, with proper planning and proper guidance from the supervisor, we plan to achieve all the deliverables of this project and prepare a proper report on it in the given time.

Learning the skill set required for this project is also one of the major challenges in this project. However, with the right guidance from the supervisor and lecturers, and with the help of information sources, it is possible to learn the skills required for this project.

Finally, competence in academic writing would be the biggest challenge I might come across. To overcome this constraint, I arrange an appointment with Kendall Richards and take tips from him on how to improve academic writing.

Project Plan:

Figure 1 shows my project plan for this project. I am planning to write my dissertation as I complete the tasks, so that I have plenty of time at the end to finalise the dissertation and carry out the necessary proofreading.

Figure 1: Gantt chart for the project

Appendix 2 Report on IPO

Report on the IPO

This form should be completed by the Second Marker after reading the student’s Initial Project Overview (IPO) form, which will be provided to you by the Projects Administrator. If the answer to any of the following questions is ‘no’, then please provide further information as indicated.

Student Name: Biraj Prajapati

Matric Number: 40062051

Supervisor: Bill Buchanan

Second Marker: Rich Macfarlane

Date: Oct 2014

Is the project of the required standard? yes no *

If not, what changes are required?

Is the project viable? yes no *

If not, what changes are required?

Does the project provide a realistic challenge for the student? yes no *

If not, what changes are required?

Is the project appropriate for the student’s programme? yes no *

If not, what changes are required?

Is the student adequately supported? yes no *

If not, what changes are required?

Signature of Second Marker:

Rich Macfarlane

Appendix 3 Interim Report

Interim Report

Name: Biraj Prajapati

Title: Next Generation Authentication Infrastructure with role based security for Diabetic Patients

1. Introduction

With the growing use of cloud based web services, security and privacy have been listed as the top priority for any service provider. In the health sector in particular, user privacy and data security are always a top priority. Alongside that, service providers are also looking for cost efficient ways of providing services to users. This document provides an overview of the work done to date, and also outlines some of the key literature on authentication and authorization measures. The major motivation of this project is to provide a secure platform where a diabetic patient can keep up to date with all his health data and also share selected data with his personal trainer or health professional.

1.1 Context

As stated in (Anon., 2005), “In today's online world, the oft-repeated saying 'it's not what you know, it's who you know' is very apt.” Federated identity has become one of the most popular topics in today's world of Internet and technology. Many organizations these days are looking for ways to improve their business, expand the reach of their contacts and make the reach of their services wider. Cloud computing has come across as the solution for all the queries that the organizations face. According to NIST, “Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”

Cloud computing is a very popular and fast growing technology in this modern world. It is being used more and more these days because of its ease of use and cost efficiency. However, with the growing technology, more people and organizations are concerned about secure ways of managing data over the internet. The consequences of identity leakage might be severe for an individual or an organization. In the current state of the online world, information is being exchanged around the globe in seconds using advanced technology. Hence, there has to be a means or a standard that would allow a client to access a server resource on behalf of a resource owner.

The study shows that there are more than a billion websites active at this time. Most of those websites are created to provide services that users consume in their day-to-day lives. Every time a user consumes a new web service, they have to create new credentials. Most users find this time-consuming, and many of them forget the credentials they need to enter the website. This is one of the reasons for the creation of federated identity. Users can use their credentials from a few selected web services, which provide access tokens to verify their identity, in order to use different web services.

Currently, a few web services act as identity providers in order to provide authorization on behalf of the user. Facebook, Twitter, Microsoft, Google, etc. are a few of them. They use authentication protocols to provide the authentication. SAML, OpenID and OAuth are a few of the popular authentication protocols that exist at the moment. However, various private and government organizations may prefer not to use these protocols as their identity management system, as they lack anonymity and the data might be misused. There is also the possibility of people falling victim to data phishing. Hence, there is a need for secure ways to authenticate a user to consume a web service while maintaining their anonymity. There is also a need for the resource owner to have a secure way to authorize the sharing of their data. Sharing personal data is a vital part of health and social care, as the patient should have control over the type of data that is shared with the selected personnel.

1.2 Aims and objectives

The main aim of this project is to create a secure infrastructure which enables users to authenticate themselves to consume web services in the cloud and to authorize access to their personal data. This infrastructure would be targeted at diabetic patients, who can authenticate themselves with Microsoft HealthVault and then start updating their personal health data. An access control policy would be used to enable users to share their data in a secure and controlled way. The objectives of this project are listed below:

Produce a literature review on authentication measures, focusing on federated identity management systems, and a literature review on authorization measures and access control.

Design a user interface through which users authenticate themselves to gain access to the resources in the application.

Implement the usability of the application, and enable the application to provide authentication and authorization.

Evaluate the effectiveness of the application by making it available over the cloud and simulating a huge number of users consuming the services at the same time.

Evaluate the vulnerability of the web system by performing white-box pen testing, and discuss the security issues in the system.

1.3 Overview

This report will briefly discuss the current state of authentication methods. Extensive research would be done on the different areas that might have an impact on this project. Together, these would form the literature review. A simple, user-friendly interface would be designed, and the authentication and authorization measures would be implemented in a C# environment. The ALFA plug-in for Eclipse would be used to generate XACML policies. Finally, the evaluation would be done by simulating a huge number of users consuming the service and analysing the quality of the service on that basis.

2. Literature Review

A literature review would be done on authentication measures, prioritising federated identity management systems, authentication protocols and some popular identity providers.

There will also be a literature review on authorization and access control of the data. A brief review would be done of some access control policy languages, such as PERMIS, XACML, EPAL, etc. Since health data is involved, there would be a review of the laws and ethics related to the sharing of data between different personnel and entities. Finally, there would be a literature review on the encryption and cryptography involved in this infrastructure, in order to maintain the necessary security for this application.

Federated Identity Management

Identity is the “Representation of an entity (or group of entities) in the form of one or more information elements which allow the entity(s) to be uniquely recognised within a context to the extent that is necessary (for the relevant applications)” (Chadwick, 2009, pp. 96-120). In other words, identity is the means by which a person or an object is known amongst a group of individuals. There are many forms of identity, such as a passport, a driving licence or a student ID. All of these forms of ID can identify an individual to a certain extent in the real world. Similarly, federated identity is a means of identifying an individual in the digital world. It is explained that “Federated identity refers to a model of distributed identity management in which one web site, in the interest of usability for users and efficiencies and economies for itself, decides to accept identity information and authentication operations maintained at another site” (Madsen, et al., 2005, November, pp. 77-83). This means that a user who holds an identity with a website that acts as an identity provider does not have to authenticate themselves to visit or consume the services of other websites. Federated Identity Management (FIM) is currently attracting interest from many areas and interest groups. From government to non-government organizations, FIM technology has been a revolution in the technology world over the past decade or so. The industry first began to develop federated identity systems for “single sign-on” online identity management around 2001. At that time, Microsoft was developing the Passport system, whereas the Liberty Alliance was developing a set of open specifications for online single sign-on and identity federation (Landau & Moore, 2012). There are four main parties involved in a federated identity management system.

User: Any individual who has a digital identity and who visits a specific website to consume its services.

Identity Provider: A website or database which holds the attributes of the users. It holds the users' identities, and its role is to authenticate the user. Some of the most common identity providers currently are Facebook, Google, Microsoft, Post Office, etc. Every identity provider has its own set of advantages and also some drawbacks. The user attributes that can be retrieved also differ from one identity provider to another.

Service Provider (Relying Party): An application or website which provides services to the user. It relies on the identity provider to authenticate users.

Identity Management Platform: The set of rules that determines the interaction between IdPs, SPs and users.

Benefits and emergence of Fed ID

Most countries around the world are looking for ways to introduce ICT into their government services in order to facilitate their citizens' experience while consuming those services.

A federated identity management system is the backbone of the e-government that countries around the world have adopted or are trying to adopt. Basically, people will use online credentials they hold with certified third-party identity providers to access online services offered by relying parties, both government and commercial (Brostoff, et al., 2013, November). The US government, especially, had started to treat federated ID as a crucial part of e-government; hence, in 2002, it developed a PKI for cross-department authentication (Landau & Moore, 2012). However, this technology was slow to emerge, as the early systems faced a few problems, which we will discuss further in section 2.2.3.

There are many advantages to implementing a federated ID management system, one of the major ones being the simplification of administration. Jensen (2011) has discussed some of the benefits of using federated ID management. The benefits were categorized from the users' and the business perspective (Jensen, 2011).

| User Perspective | Business Perspective |
| --- | --- |
| Increased privacy protection | Reduced cost |
| Better security | Improved data quality |
| Improved usability | Increased security |
| | Simplified/Improved user management |
| | Reduced complexity for service providers |
| | Facilitate cooperation |

Table 1: Benefit categories from a user and business perspective (Jensen, 2011)

A further literature review would be done on the implementation, benefits and drawbacks of federated identity management.

Authentication Protocols

OAuth

OAuth is an open and standardized web resource authorization protocol that enables users to grant third-party applications access to their web resources without sharing their login credentials or the full extent of their data (Sun & Beznosov, 2012).

SAML

SAML is an OASIS and ITU standard (ITU-T X.1141) that offers an XML-based framework for exchanging security and identity information across domain boundaries (Maler & Reed, 2008). SAML defines an XML-based framework for communicating security and identity information between computing entities (Madsen, et al., 2005, November).

Kerberos

Kerberos is a trusted third-party authentication protocol based on symmetric key cryptography, which has been built into a system that provides network-wide security services (Al-Janabi & Rasheed, 2011).

Shibboleth

Shibboleth is an authentication and authorization infrastructure based on SAML that uses the concept of federated identity (Leandro, et al., 2012).

A further literature review would be done on the authentication protocols mentioned above.

Access Control

Some kind of restriction is needed to prevent a user from accessing the resources or data of a particular resource owner without authorization. Access control management is a solution for preventing unauthorized access by malicious attackers (Sanchez, et al., 2008).

XACML

XACML (eXtensible Access Control Markup Language) is the standard language developed by OASIS for expressing access control (AC) policies (Mazzoleni, et al., 2008). XACML is an XML-based policy language and includes two specifications, i.e. an access control policy language and a representation format for encoding access control requests and responses (Sanchez, et al., 2008).

Figure: XACML Policy Structure
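The policy language and request model described above, as an added example that is not code from the dissertation: a constructed XACML 3.0 policy for sharing one patient's records is evaluated against access requests by a small Python evaluator. The role names, the `urn:example:health:record-type` attribute and the helper functions are assumptions, and Conditions, obligations and Indeterminate results are left out.

```python
"""Evaluate a constructed XACML 3.0 policy against access requests."""
import xml.etree.ElementTree as ET

XACML = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
NS = {"x": XACML}
STRING = "http://www.w3.org/2001/XMLSchema#string"
STRING_EQUAL = "urn:oasis:names:tc:xacml:1.0:function:string-equal"
SUBJECT = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
RESOURCE = "urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
ACTION = "urn:oasis:names:tc:xacml:3.0:attribute-category:action"
ROLE = "urn:oasis:names:tc:xacml:2.0:subject:role"
ACTION_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id"
RECORD_TYPE = "urn:example:health:record-type"  # hypothetical attribute id
FIRST_APPLICABLE = "urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"
DENY_OVERRIDES = "urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides"


def match(category, attribute_id, value):
    """One <Match>: the request attribute must string-equal `value`."""
    return (f'<Match MatchId="{STRING_EQUAL}">'
            f'<AttributeValue DataType="{STRING}">{value}</AttributeValue>'
            f'<AttributeDesignator Category="{category}" AttributeId="{attribute_id}" '
            f'DataType="{STRING}" MustBePresent="false"/></Match>')


def rule(rule_id, effect, *matches):
    """One <Rule>; its Target is a single AllOf, i.e. every match must hold."""
    target = "<Target/>"  # an empty Target applies to every request
    if matches:
        target = f"<Target><AnyOf><AllOf>{''.join(matches)}</AllOf></AnyOf></Target>"
    return f'<Rule RuleId="{rule_id}" Effect="{effect}">{target}</Rule>'


def build_policy(combining_alg):
    """Constructed policy attached to one patient's records (roles are assumptions)."""
    read = match(ACTION, ACTION_ID, "read")
    return (f'<Policy xmlns="{XACML}" PolicyId="share-health-data" Version="1.0" '
            f'RuleCombiningAlgId="{combining_alg}"><Target/>'
            + rule("owner-full-access", "Permit", match(SUBJECT, ROLE, "record-owner"))
            + rule("professional-read", "Permit", match(SUBJECT, ROLE, "health-professional"), read)
            + rule("trainer-read-exercise", "Permit", match(SUBJECT, ROLE, "personal-trainer"),
                   read, match(RESOURCE, RECORD_TYPE, "exercise"))
            + rule("default-deny", "Deny")
            + "</Policy>")


def match_holds(m, request):
    if m.get("MatchId") != STRING_EQUAL:
        raise ValueError("only string-equal is implemented in this example")
    wanted = m.find("x:AttributeValue", NS).text
    designator = m.find("x:AttributeDesignator", NS)
    bag = request.get((designator.get("Category"), designator.get("AttributeId")), set())
    return wanted in bag  # true if any value in the attribute bag matches


def target_matches(target, request):
    """Target = AND of AnyOf; AnyOf = OR of AllOf; AllOf = AND of Match."""
    if target is None:
        return True
    return all(
        any(all(match_holds(m, request) for m in all_of.findall("x:Match", NS))
            for all_of in any_of.findall("x:AllOf", NS))
        for any_of in target.findall("x:AnyOf", NS))


def evaluate(policy_xml, request):
    """Return Permit, Deny or NotApplicable (no Condition/Indeterminate handling)."""
    # Policies are locally authored, trusted XML; do not parse untrusted XML this way.
    policy = ET.fromstring(policy_xml)
    if not target_matches(policy.find("x:Target", NS), request):
        return "NotApplicable"
    effects = [r.get("Effect") for r in policy.findall("x:Rule", NS)
               if target_matches(r.find("x:Target", NS), request)]
    if not effects:
        return "NotApplicable"
    alg = policy.get("RuleCombiningAlgId")
    if alg == FIRST_APPLICABLE:
        return effects[0]
    if alg == DENY_OVERRIDES:
        return "Deny" if "Deny" in effects else "Permit"
    raise ValueError(f"unsupported combining algorithm: {alg}")


def access_request(role, action, record_type):
    """Request context: each (category, attribute id) maps to a bag of values."""
    return {(SUBJECT, ROLE): {role}, (ACTION, ACTION_ID): {action},
            (RESOURCE, RECORD_TYPE): {record_type}}


if __name__ == "__main__":
    policy = build_policy(FIRST_APPLICABLE)
    for args in [("personal-trainer", "read", "exercise"),
                 ("personal-trainer", "read", "glucose"),
                 ("health-professional", "write", "glucose")]:
        print(args, "->", evaluate(policy, access_request(*args)))
```

Switching the same rules to deny-overrides makes the catch-all `default-deny` rule win for every request, so the rule-combining algorithm is part of what the policy means.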

There will also be a literature review on the law and ethics involved in the usage and sharing of health data. We would also review the literature on the encryption and cryptography involved in the application and its security.

3. Work done to date

Extensive research on ways of authentication has been done. A literature review on federated identity management has also been done, alongside some of the popular existing authentication protocols. A literature review on measures of authorization has also been done. A platform on which to create an application for diabetic users has been chosen and has been created to interconnect Microsoft HealthVault, Facebook and Google. The ALFA plug-in for Eclipse was used to generate simple XACML policies for access control.

Some research was also done on multi-factor authentication. When authenticating to the system, multi-factor authentication would provide added security for the system and its data. Multi-factor authentication is based on what you know, what you have and who you are. A few papers on implementing this have been studied, and the best way forward would be to use a password as what you know, together with a random PIN generated and sent to the user's mobile phone or email address.

Some key areas in penetration testing for web applications have also been looked into. Some of the major areas of focus for testing would be identity management testing, authentication testing, session management testing and authorization testing.

The design of the system has been planned: the OAuth protocol would be used to authenticate users through different identity providers. The APIs of popular identity providers such as Facebook, Google and Microsoft would be used in the code to redirect the user to the identity provider and retrieve the general information of the user.

4. Work Plan

Fig: Project Timeline

5. Evaluation

This infrastructure would be evaluated on the basis of how the quality of the service changes when a huge number of users consume the service at the same time. The users would be simulated and enabled to consume the service in a virtual environment. An attack would also be simulated in order to evaluate the response of the application to an outside attack.

Pen testing would be used to evaluate the vulnerability of the application. The pen testing would be mainly based on authentication testing, authorization testing, session management testing and identity management testing.

Identity management testing: This would involve testing the role definitions and the user account registration process and policy.

Authentication testing: This would involve testing for a weak lock-out mechanism in the case of multiple wrong passwords/PINs. It would also test for bypassing of the authentication schema and for a weak password policy.

Authorization testing: This would mainly involve testing for bypassing of the authorization schema.

Session management testing: This would involve testing the logout functionality and the session timeouts. We would also test the cookie attributes and bypassing of the session management schema.
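The PIN second factor proposed under the work done to date and the lock-out check listed under authentication testing, as one added example that is not code from the dissertation: a random PIN is issued, kept only as a keyed digest, and refused after expiry, reuse or too many wrong attempts. The class name, the limits (6 digits, 300 s lifetime, 3 failures, 900 s lock-out) and the return strings are assumptions.

```python
"""One-time PIN as a second factor, with expiry, single use and lock-out."""
import hashlib
import hmac
import secrets
import time

# Assumed policy values for the example; the dissertation does not specify them.
PIN_DIGITS = 6
PIN_LIFETIME_S = 300     # a PIN is valid for five minutes
MAX_FAILURES = 3         # wrong PINs tolerated before lock-out
LOCKOUT_S = 900          # lock-out duration in seconds


class PinSecondFactor:
    """Second step, run only after the password check has succeeded."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._key = secrets.token_bytes(32)   # server-side key for PIN digests
        self._pending = {}                    # user -> (digest, expires_at)
        self._failures = {}                   # user -> consecutive wrong PINs
        self._locked_until = {}               # user -> timestamp

    def _digest(self, user, pin):
        # Keep a keyed digest bound to the user instead of the PIN itself.
        return hmac.new(self._key, f"{user}:{pin}".encode(), hashlib.sha256).digest()

    def _locked(self, user):
        return self._clock() < self._locked_until.get(user, 0.0)

    def issue(self, user):
        """Create a fresh PIN to send by SMS or e-mail; None while locked out."""
        if self._locked(user):
            return None
        pin = f"{secrets.randbelow(10 ** PIN_DIGITS):0{PIN_DIGITS}d}"
        # Failures are counted per user, so a new PIN does not reset the counter.
        self._pending[user] = (self._digest(user, pin), self._clock() + PIN_LIFETIME_S)
        return pin

    def verify(self, user, pin):
        """Return 'ok', 'wrong', 'expired', 'locked' or 'no-challenge'."""
        if self._locked(user):
            return "locked"
        entry = self._pending.get(user)
        if entry is None:
            return "no-challenge"
        digest, expires_at = entry
        if self._clock() > expires_at:
            del self._pending[user]
            return "expired"
        if hmac.compare_digest(digest, self._digest(user, pin)):
            del self._pending[user]           # a PIN can be used only once
            self._failures[user] = 0
            return "ok"
        self._failures[user] = self._failures.get(user, 0) + 1
        if self._failures[user] >= MAX_FAILURES:
            del self._pending[user]
            self._failures[user] = 0
            self._locked_until[user] = self._clock() + LOCKOUT_S
            return "locked"
        return "wrong"


if __name__ == "__main__":
    second_factor = PinSecondFactor()
    pin = second_factor.issue("alice")        # constructed user name
    print(second_factor.verify("alice", pin))
```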

6. Bibliography

AbuKhousa, E., Mohamed, N. & Al-Jaroodi, J., 2012. e-Health cloud: opportunities and challenges. Future Internet, 4(3), pp. 621-645.

Adams, C., 2011. Kerberos Authentication Protocol. In: Encyclopedia of Cryptography and Security. s.l.:Springer, pp. 674-675.

Al-Janabi, S. T. & Rasheed, M. A.-s., 2011. Public-key cryptography enabled kerberos authentication. In: Developments in E-systems engineering (DeSE). s.l.:IEEE, pp. 209-214.

Alliance, L., 2002. Liberty alliance project. [Online] Available at: http://www.projectliberty.org

Alsaleh, M. & Adams, C., 2006. Enhancing consumer privacy in the liberty alliance identity federation and web services frameworks. In: Privacy Enhancing Technologies. s.l.:Springer, pp. 59-77.

Al-Taee, M. A., Sungoor, A. H., Abood, S. N. & Philip, N. Y., 2013. Web-of-Things inspired e-Health platform for integrated diabetes care management. In: Applied Electrical Engineering and Computing Technologies (AEECT), 2013 IEEE Jordan Conference on. s.l.:IEEE, pp. 1-6.

Anderson, A., 2005. A comparison of two privacy policy languages: EPAL and XACML. s.l.:Sun Microsystems, Inc.

Anderson, J. G., 2007. Social, ethical and legal barriers to e-health. International journal of medical informatics, 76(5), pp. 480-483.

Andreassen, H. K. et al., 2007. European citizens' use of E-health services: a study of seven countries. BMC public health, 7(1), p. 53.

Anon., 2005. Liberty Alliance project white paper: Liberty ID-WSF people service-Federated social identity, s.l.: s.n.

Anon., 2011. National strategy for Trusted Identities in Cyberspace. [Online] Available at: http://www.whitehouse.gov/sites/default/files/rss_viewer/NSTICstrategy_041511.pdf [Accessed 20 October 2014].

Anon., 2014. Eurostat. [Online] Available at: http://ec.europa.eu/eurostat/statistics-explained/index.php/Cloud_computing_-_statistics_on_the_use_by_enterprises [Accessed 19 01 2015].

Anon., n.d. Centre for Retail Research. [Online] Available at: http://www.retailresearch.org/onlineretailing.php

Anon., n.d. Cloud Computing Statistics. [Online] Available at: http://siliconangle.com/blog/2014/01/27/20-cloud-computing-statistics-tc0114/ [Accessed 19 01 2015].

Armando, A. et al., 2008. Formal analysis of SAML 2.0 web browser single sign-on: breaking the SAML-based single sign-on for google apps. In: Proceedings of the 6th ACM workshop on Formal methods in security engineering. s.l.:ACM, pp. 1-10.

Armstrong, D. et al., 2005. Potential impact of the HIPAA privacy rule on data collection in a registry of patients with acute coronary syndrome. Archives of Internal Medicine, 165(10), pp. 1125-1129.

Ashley, P. et al., 2003. Enterprise privacy authorization language (EPAL 1.2). Submission to W3C.

Ball, M. J. & Lillis, J., 2001. E-health: transforming the physician/patient relationship. International journal of medical informatics, 61(1), pp. 1-10.

BBC, 2010. Has new technology taken over our lives?. [Online] Available at: http://www.bbc.co.uk/blogs/legacy/haveyoursay/2010/08/has_new_technology_taken_over.html [Accessed 20 03 2015].

BeanSoftware, 2014. Easy Intro to ASP.NET MVC. [Online] Available at: http://www.beansoftware.com/ASP.NET-Tutorials/Intro-ASP.NET-MVC.aspx [Accessed 02 2015].

Benhamou, P.-Y., 2011. Improving diabetes management with electronic health records and patients’ health records. Diabetes and metabolism, Volume 37, pp. 53-56.

Bertino, E., Paci, F., Ferrini, R. & Shang, N., 2009. Privacy-preserving Digital Identity Management for Cloud Computing. IEEE Data Eng. Bull., 32(1), pp. 21-27.

Blaya, J. A., Fraser, H. S. & Holt, B., 2010. E-health technologies show promise in developing countries. Health Affairs, 29(2), pp. 244-251.

Brainard, J. et al., 2006. Fourth-factor authentication: somebody you know. In: Proceedings of the 13th ACM conference on Computer and communications security. s.l.:ACM, pp. 168-178.

Brostoff, S., Jennet, C., Malheiros, M. & Sasse, M. A., 2013, November. Federated Identity to Access e-Government Services: Are Citizens Ready for This?. In: Proceedings of the 2013 ACM workshop on Digital Identity Management. s.l.:ACM, pp. 97-108.

Buchanan, W. J. et al., n.d. Who Would You Trust To Identify You In Accessing Your Health. In: Communications in Computer and Information Science. Edinburgh: Springer.

Buchanan, W. J., n.d. [Online] Available at: http://billatnapier.com/unit03.pdf

Buecker, A. et al., 2005. Federated Identity Management and Web Services Security. IBM Redbook.

Buecker, A. et al., 2005. Federated identity management and web services security with IBM tivoli security solutions, s.l.: s.n.

Burr, W. E., Dodson, D. F. & Polk, W. T., 2006. Electronic authentication guideline. [Online] Available at: http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63V1_0_2.pdf

Chadwick, D. W., 2009. Federated Identity Management. In: A. Aldani, G. Barthe & R. Gorrieri, eds. Foundations of Security Analysis and Design V. Berlin Heidelberg: Springer, pp. 96-120.

Dahbur, K., Mohammad, B. & Tarakji, A. B., 2011. A survey of risks, threats and vulnerabilities in cloud computing. In: Proceedings of the 2011 International conference on intelligent semantic Web-services and applications. s.l.:ACM, p. 12.

Dansky, K. H., Thompson, D. & Sanner, T., 2006. A framework for evaluating eHealth research. Evaluation and program planning, 29(4), pp. 397-404.

de Melo Silva, L., Araujo, R., da Silva, F. L. & Cerqueira, E., 2014. A new architecture for secure storage and sharing of health records in the cloud using federated identity attributes. In: e-Health Networking, Applications and Services (Healthcom), 2014 IEEE 16th International Conference on. s.l.:IEEE, pp. 194-199.

Delfs, H. & Knebl, H., 2007. Symmetric-key encryption. In: Introduction to Cryptography. s.l.:Springer, pp. 11-31.

DiabetesUk, 2015. Diabetes UK. [Online] Available at: http://www.diabetes.org.uk/Guide-to-diabetes/What-is-diabetes/ [Accessed 06 04 2015].

Ding, Y. & Klein, K., 2010. Model-driven application-level encryption for the privacy of e-health data. In: Availability, Reliability, and Security, 2010. ARES'10 International Conference on. s.l.:IEEE, pp. 341-346.

Dua, G., Gautam, N., Sharma, D. & Arora, A., 2013. Replay Attack Prevention in Kerberos Authentication Protocol Using Triple Password. arXiv preprint arXiv:1304.3550.

Ekonomou, E., Fan, L., Buchanan, W. & Thuemmler, C., 2011. An integrated cloud-based healthcare infrastructure. In: Cloud Computing Technology and Science (CloudCom), 2011 IEEE Third International Conference on. s.l.:IEEE, pp. 532-536.

El Maliki, T. & Seigneur, J.-M., 2007. A survey of user-centric identity management technologies. In: Emerging Security Information, Systems, and Technologies, 2007. SecureWare 2007. The International Conference on. s.l.:IEEE, pp. 12-17.

Eysenbach, G., 2001. What is e-health?. Journal of medical Internet research, 3(2).

Fan, L. et al., 2011. DACAR platform for eHealth services cloud. In: Cloud Computing (Cloud), 2011 IEEE International Conference on. s.l.:IEEE, pp. 219-226.

Fengou, M. et al., 2013. A new framework architecture for next generation e-health services. Biomedical and Health Informatics, IEEE Journal of, 17(1), pp. 9-18.

Florencio, D. & Herley, C., 2007. A large-scale study of web password habits. In: Proceedings of the 16th international conference on World Wide Web. s.l.:ACM, pp. 657-666.

Ford, D. V. et al., 2009. The SAIL Databank: building a national architecture for e-health research and evaluation. BMC Health Services Research, 9(1), p. 157.

Gaedke, M., Meinecke, J. & Nussbaumer, M., 2005. A modeling approach to federated identity and access management. In: Special interest tracks and posters of the 14th international conference on World Wide Web. s.l.:ACM, pp. 1156-1157.

Gao, H. et al., 2008. Yagp: Yet another graphical password strategy. In: Computer Security Applications Conference, 2008. ACSAC 2008. Annual. s.l.:IEEE, pp. 121-129.

Gomes, H., Cunha, J. P. & Zuquete, A., 2007. Authentication architecture for eHealth professionals. In: On the Move to Meaningful Internet Systems 2007: CoopIS, DOA, ODBASE, GADA, and IS. s.l.:Springer, pp. 1583-1600.

Goodin, D., 2012. 25-GPU cluster cracks every standard Windows password in <6 hours | Ars Technica. [Online] Available at: http://arstechnica.com/security/2012/12/25-gpu-cluster-cracks-every-standard-windows-password-in-6-hours/ [Accessed 13 02 2015].

Goodner, M. et al., 2007. Understanding ws-federation. Microsoft and IBM.

Government, S., 2015. e-health. [Online] Available at: http://www.ehealth.scot.nhs.uk/wp-content/uploads/Health-Social-Care-Information-Sharing-A-Strategic-Framework-2014-2020.pdf [Accessed 02 04 2015].

Grobauer, B., Walloschek, T. & Stocker, E., 2011. Understanding cloud computing vulnerabilities. Security & privacy, IEEE, 9(2), pp. 50-57.

Grossman, R. L., 2009. The case for cloud computing. IT professional, 11(2), pp. 23-27.

Hall, R. E., 2012. This Land of Strangers: The Relationship Crisis That Imperils Home, Work, Politics, and Faith. 1 ed. Austin, TX: Greenleaf Book Group Press.

Han, S., Skinner, G., Potdar, V. & Chang, E., 2006. A framework of authentication and authorization for e-health services. In: Proceedings of the 3rd ACM workshop on Secure web services. s.l.:ACM, pp. 105-106.

Hardt, D., 2012. The OAuth 2.0 authorization framework. s.l.:s.n.

Heck, C., Petry, D. & Marques, J. L. B., 2013. Development of an e-Health System to Detect Autonomic Neuropathy in Individuals with Diabetes. In: V Latin American Congress on Biomedical Engineering CLAIB 2011 May 16-21, 2011, Habana, Cuba. s.l.:Springer, pp. 1288-1291.

HIPAA, 2013. Health Information Privacy. [Online] Available at: http://www.hhs.gov/ocr/privacy

Hsu, J. et al., 2005. Use of e-Health services between 1999 and 2002: a growing digital divide. Journal of the American Medical Informatics Association, 12(2), pp. 164-171.

Inzucchi, S. et al., 2012. Management of hyperglycaemia in type 2 diabetes: a patient-centered approach. Position statement of the American Diabetes Association (ADA) and the European Association for the Study of Diabetes (EASD). Diabetologia, 55(6), pp. 1577-1596.

Jensen, J., 2011. Benefits of federated identity management- A survey from an integrated operations viewpoint. In: Berlin Heidelberg: Springer, pp. 1-12.

Jha, A. K. et al., 2008. The use of health information technology in seven nations. International journal of medical informatics, 77(22), pp. 848-854.

Josang, A. et al., 2005. Trust requirements in identity management. In: Proceedings of the 2005 Australasian workshop on Grid computing and e-research-Volume 44. s.l.:ACM, pp. 99-108.

Kelley, P. G. et al., 2012. Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms. In: Security and Privacy (SP), 2012 IEEE Symposium on. s.l.:IEEE, pp. 523-537.

Kumar, H. et al., 2013. Rainbow table to crack password using MD5 hashing algorithm. In: Information & Communication Technologies (ICT), 2013 IEEE Conference on. s.l.:IEEE, pp. 433-439.

Kumari, A. & Kushwaha, D. S., 2011. Kerberos Style Authentication and Authorization through CTES Model for Distributed Systems. In: Computer Networks and Intelligent Computing. s.l.:Springer, pp. 457-462.

Landau, S. & Moore, T., 2012. Economic Tussles in Federated Identity Management. First Monday, 17(10).

Leandro, M. A. et al., 2012. Multi-tenancy authorization system with federated identity for cloud-based environments using shibboleth. In: ICN 2012, The Eleventh International Conference on Networks. s.l.:s.n., pp. 88-93.


Li, C.-T. & Hwang, M.-S., 2010. An efficient biometrics-based remote user authentication scheme using smart cards. Journal of Network and Computer Applications, 33(1), pp. 1-5.

Li, M. et al., 2013. Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption. Parallel and Distributed Systems, IEEE Transactions on, 24(1), pp. 131-143.

Lohr, H., Sadeghi, A.-R. & Winandy, M., 2010. Securing the e-health cloud. In: Proceedings of the 1st ACM International Health Informatics Symposium. s.l.:ACM, pp. 220-229.

Lonea, A. M., Tianfield, H. & Popescu, D. E., 2013. Identity management for cloud computing. In: New Concepts and Applications in Soft Computing. s.l.:Springer, pp. 175-199.

Lounis, A., Hadjidj, A., Bouabdallah, A. & Challal, Y., 2012. Secure and scalable cloud-based architecture for e-health wireless sensor networks. In: Computer communications and networks (ICCCN), 2012 21st international conference on. s.l.:IEEE, pp. 1-7.

Madsen, P., Koga, Y. & Takahashi, K., 2005, November. Federated Identity Management for Protecting Users from ID Theft. In: Proceedings of the 2005 workshop on Digital Identity Management. s.l.:ACM, pp. 77-83.

Mair, F. S. et al., 2012. Factors that promote or inhibit the implementation of e-health systems: an explanatory systematic review. Bulletin of the World Health Organization, 90(5), pp. 357-364.

Maler, E. & Reed, D., 2008. The Venn of Identity. IEEE Security and Privacy, 6(2), pp. 16-23.

Mantas, G., Lymberopoulos, D. & Komninos, N., 2009. Integrity mechanism for ehealth tele-monitoring system in smart home environment. In: Engineering in Medicine and Biology Society, 2009. EMBC 2009. Annual International Conference of the IEEE. s.l.:IEEE, pp. 3509-3512.

Mazzoleni, P., Crispo, B., Sivasubramanian, S. & Bertino, E., 2008. XACML policy integration algorithms. ACM Transactions on Information and system security (TISSEC), 11(1), p. 4.

Mbanaso, U. M., Cooper, G., Chadwick, D. W. & Proctor, S., 2006. Privacy preserving trust authorization framework using XACML. In: Proceedings of the 2006 International Symposium on World of Wireless, Mobile and Multimedia Networks. s.l.:IEEE Computer Society, pp. 673-678.

Mell, P. & Grance, T., 2011. The NIST definition of cloud computing. s.l.:Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology.

Mercuri, R. T., 2004. The HIPAA-potamus in health care data security. Communications of the ACM, 47(7), pp. 25-28.

Microsoft, 2015. ASP.NET. [Online] Available at: http://www.asp.net/mvc [Accessed 02 2015].

Morgan, R. et al., 2004. Federated Security: The Shibboleth Approach. Educause Quarterly, 27(4), pp. 12-17.

Ni, Q. et al., 2010. Privacy-aware role-based access control. ACM Transactions on Information and System Security (TISSEC), 13(3), p. 24.

Oladimeji, E. A., Chung, L., Jung, H. T. & Kim, J., 2011. Managing security and privacy in ubiquitous eHealth information interchange. In: Proceedings of the 5th International Conference on Ubiquitous Information Management and Communication. s.l.:ACM, p. 26.

Parliament, B., 1998. Data protection act of 1998. s.l.:s.n.

Peyton, L., Hu, J., Doshi, C. & Seguin, P., 2007. Addressing privacy in a federated identity management network for ehealth. In: Management of eBusiness, 2007. WCMeB 2007. Eighth World Congress on the. s.l.:IEEE, p. 12.

Riedl, B., Grascher, V. & Neubauer, T., 2008. A Secure e-Health Architecture based on the Appliance of Pseudonymization. Journal of Software, 3(2), pp. 23-32.

Rimal, B. P., Choi, E. & Lumb, I., 2009. A taxonomy and survey of cloud computing systems. In: INC, IMS and IDC, 2009. NCM'09. Fifth International Joint Conference on. s.l.:IEEE, pp. 44-51.

Rouse, M., 2011. Model-View-Controller. [Online] Available at: http://whatis.techtarget.com/definition/model-view-controller-MVC [Accessed 02 2015].

Rozenblum, R. et al., 2011. A qualitative study of Canada’s experience with the implementation of electronic health information technology. Canadian Medical Association Journal, 183(5), pp. 281-288.

Russello, G., Dong, C. & Dulay, N., 2008. A workflow-based access control framework for e-health applications. In: Advanced Information Networking and Applications-Workshops, 2008. AINAW 2008. 22nd International Conference on. s.l.:IEEE, pp. 111-120.

Sanchez, M., Lopez, G., Gomez-Skarmeta, A. F. & Canovas, O., 2008. Using Microsoft Office InfoPath to generate XACML policies. In: E-Business and telecommunication networks. s.l.:Springer, pp. 134-145.

Shim, S. S., Bhalla, G. & Pendyala, V., 2005. Federated identity management. Computer, 38(12), pp. 120-122.

Singh, S. P. & Maini, R., 2011. Comparison of data encryption algorithms. International Journal of Computer Science and Communication, 2(1), pp. 125-127.

Spanakis, E. G. et al., 2012. Diabetes management using modern information and communication technologies and new care models. Interactive journal of medical research, 1(2).

Sudha, M., 2012. Enhanced security framework to ensure data security in cloud computing using cryptography. Advances in Computer Science and its Applications, 1(1), pp. 32-37.

Sultan, N., 2010. Cloud computing for education: A new dawn?. International Journal of Information Management, 30(2), pp. 109-116.

Sun, S.-T. & Beznosov, K., 2012. The devil is in the (implementation) details: an empirical analysis of OAuth SSO systems. In: Proceedings of the 2012 ACM conference on Computer and communications security. s.l.:ACM, pp. 378-390.

Thakur, J. & Kumar, N., 2011. DES, AES and Blowfish: Symmetric key cryptography algorithms simulation based performance analysis. International journal of emerging technology and advanced engineering, 1(2), pp. 6-12.

Verma, O., Agarwal, R., Dafouti, D. & Tyagi, S., 2011. Peformance analysis of data encryption algorithms. In: Electronics Computer Technology (ICECT), 2011 3rd International Conference on. s.l.:IEEE, pp. 399-403.

Wang, Y.-y., Liu, J.-y., Xiao, F.-x. & Dan, J., 2009. A more efficient and secure dynamic ID-based remote user authentication scheme. Computer communications, 32(4), pp. 583-585.

Wilkowska, W. & Ziefle, M., 2012. Privacy and data security in E-health: Requirements from the user's perspective. Health informatics journal, 18(3), pp. 191-201.

Wilson, E. V. & Lankton, N. K., 2004. Modeling patients' acceptance of provider-delivered e-health. Journal of the American Medical Informatics Association, 11(4), pp. 241-248.

Yang, G., Wong, D. S., Wang, H. & Deng, X., 2008. Two-factor mutual authentication based on smart cards and passwords. Journal of Computer and System Sciences, 74(7), pp. 1160-1172.

Yan, L., Rong, C. & Zhao, G., 2009. Strengthen cloud computing security with federal identity management using hierarchical identity-based cryptography. In: Cloud Computing. s.l.:Springer, pp. 167-177.


Appendix 4 Diary Sheet


Appendix 5 Source Code

using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using System.Web;
using System.Web.Mvc;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.EntityFramework;
using Microsoft.Owin.Security;
using test.Models;
using Facebook;
using TweetSharp;
using System.Text.RegularExpressions;
using System.Security.Cryptography;
using System.Net;
using System.IO;
using System.Web.UI;
using System.Web.UI.WebControls;
using Newtonsoft.Json.Linq;
using System.Text;
using TweetSharp.Model;
using System.Timers;
using System.Threading;
using System.Diagnostics;
using System.Data.SqlTypes;
using System.Data.SqlClient;
using System.Configuration;
using System.Web.Routing;
using System.Web.Helpers;
using System.Web.SessionState;

namespace test.Controllers
{
    [Authorize]
    public class AccountController : Controller
    {
        public AccountController()
            : this(new UserManager<ApplicationUser>(new UserStore<ApplicationUser>(new ApplicationDbContext())))
        {
        }

        public AccountController(UserManager<ApplicationUser> userManager)
        {
            UserManager = userManager;
        }

        public UserManager<ApplicationUser> UserManager { get; private set; }

        //
        // GET: /Account/Login
        [AllowAnonymous]
        public ActionResult Login(string returnUrl)
        {
            ViewBag.ReturnUrl = returnUrl;
            return View();
        }

        //
        // POST: /Account/Login
        [HttpPost]
        [AllowAnonymous]
        [ValidateAntiForgeryToken]
        public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
        {
            if (ModelState.IsValid)
            {
                var user = await UserManager.FindAsync(model.UserName, model.Password);
                if (user != null)
                {
                    await SignInAsync(user, model.RememberMe);
                    return RedirectToLocal(returnUrl);
                }
                else
                {
                    ModelState.AddModelError("", "Invalid username or password.");
                }
            }

            // If we got this far, something failed, redisplay form
            return View(model);
        }

        //
        // GET: /Account/Register
        [AllowAnonymous]
        public ActionResult Register()
        {
            return View();
        }

        //
        // POST: /Account/Register
        [HttpPost]
        [AllowAnonymous]
        [ValidateAntiForgeryToken]
        public async Task<ActionResult> Register(RegisterViewModel model)
        {
            if (ModelState.IsValid)
            {
                var user = new ApplicationUser() { UserName = model.UserName };
                var result = await UserManager.CreateAsync(user, model.Password);
                if (result.Succeeded)
                {
                    await SignInAsync(user, isPersistent: false);
                    return RedirectToAction("Index", "Home");
                }
                else
                {
                    AddErrors(result);
                }
            }

            // If we got this far, something failed, redisplay form
            return View(model);
        }

        //
        // POST: /Account/Disassociate
        [HttpPost]
        [ValidateAntiForgeryToken]
        public async Task<ActionResult> Disassociate(string loginProvider, string providerKey)
        {
            ManageMessageId? message = null;
            IdentityResult result = await UserManager.RemoveLoginAsync(
                User.Identity.GetUserId(), new UserLoginInfo(loginProvider, providerKey));
            if (result.Succeeded)
            {
                message = ManageMessageId.RemoveLoginSuccess;
            }
            else
            {
                message = ManageMessageId.Error;
            }
            return RedirectToAction("Manage", new { Message = message });
        }

        //
        // GET: /Account/Manage
        public ActionResult Manage(ManageMessageId? message)
        {
            ViewBag.StatusMessage =
                message == ManageMessageId.ChangePasswordSuccess ? "Your password has been changed."
                : message == ManageMessageId.SetPasswordSuccess ? "Your password has been set."
                : message == ManageMessageId.RemoveLoginSuccess ? "The external login was removed."
                : message == ManageMessageId.Error ? "An error has occurred."
                : "";
            ViewBag.HasLocalPassword = HasPassword();
            ViewBag.ReturnUrl = Url.Action("Manage");
            return View();
        }

        //
        // POST: /Account/Manage
        [HttpPost]
        [ValidateAntiForgeryToken]
        public async Task<ActionResult> Manage(ManageUserViewModel model)
        {
            bool hasPassword = HasPassword();
            ViewBag.HasLocalPassword = hasPassword;
            ViewBag.ReturnUrl = Url.Action("Manage");
            if (hasPassword)
            {
                if (ModelState.IsValid)
                {
                    IdentityResult result = await UserManager.ChangePasswordAsync(
                        User.Identity.GetUserId(), model.OldPassword, model.NewPassword);
                    if (result.Succeeded)
                    {
                        return RedirectToAction("Manage", new { Message = ManageMessageId.ChangePasswordSuccess });
                    }
                    else
                    {
                        AddErrors(result);
                    }
                }
            }
            else
            {
                // User does not have a password so remove any validation errors caused by a missing OldPassword field
                ModelState state = ModelState["OldPassword"];
                if (state != null)
                {
                    state.Errors.Clear();
                }

                if (ModelState.IsValid)
                {
                    IdentityResult result = await UserManager.AddPasswordAsync(
                        User.Identity.GetUserId(), model.NewPassword);
                    if (result.Succeeded)
                    {
                        return RedirectToAction("Manage", new { Message = ManageMessageId.SetPasswordSuccess });
                    }
                    else
                    {
                        AddErrors(result);
                    }
                }
            }

            // If we got this far, something failed, redisplay form
            return View(model);
        }

        //
        // POST: /Account/ExternalLogin
        [HttpPost]
        [AllowAnonymous]
        [ValidateAntiForgeryToken]
        public ActionResult ExternalLogin(string provider, string returnUrl)
        {
            // Request a redirect to the external login provider
            return new ChallengeResult(provider,
                Url.Action("ExternalLoginCallback", "Account", new { ReturnUrl = returnUrl }));
        }

        //
        // GET: /Account/ExternalLoginCallback
        [AllowAnonymous]
        public async Task<ActionResult> ExternalLoginCallback(string returnUrl)
        {
            // Time the external sign-in; the elapsed time is written to time_elapsed.txt
            Stopwatch stopwatch = new Stopwatch();
            stopwatch.Start();

            var loginInfo = await AuthenticationManager.GetExternalLoginInfoAsync();
            if (loginInfo == null)
            {
                return RedirectToAction("Login");
            }

            // Sign in the user with this external login provider if the user already has a login
            var user = await UserManager.FindAsync(loginInfo.Login);
            if (user != null)
            {
                await SignInAsync(user, isPersistent: false);
                stopwatch.Stop();
                TimeSpan ts = stopwatch.Elapsed;

                // Milliseconds are padded to three digits so that 5 ms is written as .005, not .05
                string elapsedTime = String.Format("{0:00}:{1:00}:{2:00}.{3:000}",
                    ts.Hours, ts.Minutes, ts.Seconds, ts.Milliseconds);

                using (StreamWriter wr = new StreamWriter(@"G:\test\test\time_elapsed.txt"))
                {
                    wr.WriteLine(elapsedTime);
                }
                return RedirectToLocal(returnUrl);
            }
            else
            {
                // If the user does not have an account, then prompt the user to create an account
                ViewBag.ReturnUrl = returnUrl;
                ViewBag.LoginProvider = loginInfo.Login.LoginProvider;

                stopwatch.Stop();
                TimeSpan ts = stopwatch.Elapsed;

                string elapsedTime = String.Format("{0:00}:{1:00}:{2:00}.{3:000}",
                    ts.Hours, ts.Minutes, ts.Seconds, ts.Milliseconds);

                using (StreamWriter wr = new StreamWriter(@"G:\test\test\time_elapsed.txt"))
                {
                    wr.WriteLine(elapsedTime);
                }
                return View("ExternalLoginConfirmation",
                    new ExternalLoginConfirmationViewModel { UserName = loginInfo.DefaultUserName });
            }
        }

        //
        // POST: /Account/LinkLogin
        [HttpPost]
        [ValidateAntiForgeryToken]
        public ActionResult LinkLogin(string provider)
        {
            // Request a redirect to the external login provider to link a login for the current user
            return new ChallengeResult(provider, Url.Action("LinkLoginCallback", "Account"), User.Identity.GetUserId());
        }

        //
        // GET: /Account/LinkLoginCallback
        public async Task<ActionResult> LinkLoginCallback()
        {
            var loginInfo = await AuthenticationManager.GetExternalLoginInfoAsync(XsrfKey, User.Identity.GetUserId());
            if (loginInfo == null)
            {
                return RedirectToAction("Manage", new { Message = ManageMessageId.Error });
            }
            var result = await UserManager.AddLoginAsync(User.Identity.GetUserId(), loginInfo.Login);
            if (result.Succeeded)
            {
                return RedirectToAction("Manage");
            }
            return RedirectToAction("Manage", new { Message = ManageMessageId.Error });
        }

        //
        // POST: /Account/ExternalLoginConfirmation
        [HttpPost]
        [AllowAnonymous]
        [ValidateAntiForgeryToken]
        public async Task<ActionResult> ExternalLoginConfirmation(ExternalLoginConfirmationViewModel model, string returnUrl)
        {
            if (User.Identity.IsAuthenticated)
            {
                return RedirectToAction("Manage");
            }

            if (ModelState.IsValid)
            {
                // Get the information about the user from the external login provider
                var info = await AuthenticationManager.GetExternalLoginInfoAsync();
                if (info == null)
                {
                    return View("ExternalLoginFailure");
                }
                var user = new ApplicationUser() { UserName = model.UserName };
                var result = await UserManager.CreateAsync(user);
                if (result.Succeeded)
                {
                    result = await UserManager.AddLoginAsync(user.Id, info.Login);
                    if (result.Succeeded)
                    {
                        await SignInAsync(user, isPersistent: false);
                        return RedirectToLocal(returnUrl);
                    }
                }
                AddErrors(result);
            }

            ViewBag.ReturnUrl = returnUrl;
            return View(model);
        }

        // adding medicalInfo controller
        public ActionResult Medical()
        {
            // var identity = await UserManager.CreateIdentityAsync(ApplicationUser user, DefaultAuthenticationTypes.ApplicationCookie);

            var id = User.Identity.GetUserId();
            //var userClaim = await UserManager.ClaimsIdentityFactory.UserIdClaimType(User.Identity.GetUserId());
            var name = User.Identity.GetUserName();
            // Each user's records are held in a table named <UserName>_<UserId>
            var entity = name + "_" + id;
            var model = new List<Medical>();
            //creating instance of a model
            //Medical x = new Medical();

            //building connection string
            // The connection details are hard-coded in this prototype; a deployment would load them from protected configuration.
            SqlConnectionStringBuilder builder = new SqlConnectionStringBuilder();
            builder["Server"] = "tcp:gvdy6vstnd.database.windows.net";
            builder["User ID"] = "bprajapati@gvdy6vstnd";
            builder["Password"] = "Tilasmi1";
            builder["Database"] = "General_Database";
            builder["Trusted_Connection"] = false;
            builder["Integrated Security"] = false;
            builder["Encrypt"] = true;

            // A table name cannot be passed as a SQL parameter, so the identifier is
            // bracket-quoted and any ']' in it is doubled before it is placed in the query.
            string query = "SELECT * FROM [" + entity.Replace("]", "]]") + "]";

            using (SqlConnection connect = new SqlConnection(builder.ConnectionString))
            using (SqlCommand command = new SqlCommand(query, connect))
            {
                connect.Open();
                using (SqlDataReader rdr = command.ExecuteReader())
                {
                    while (rdr.Read())
                    {
                        var x = new Medical();
                        x.ID = Convert.ToInt32(rdr["ID"]);
                        x.Height_m_ = Convert.ToDecimal(rdr["Height(m)"]);
                        x.Weight_kg_ = Convert.ToDecimal(rdr["Weight(Kg)"]);
                        x.BMI = Convert.ToDecimal(rdr["BMI"]);
                        x.Body_Temperature_c_ = Convert.ToDecimal(rdr["Body_Temperature(c)"]);
                        x.Blood_Sugar_Level_mg_dL = Convert.ToDecimal(rdr["Blood_Sugar_Level_mg/dL"]);
                        x.Blood_Pressure_syst_ = Convert.ToInt32(rdr["Blood_Pressure(syst)"]);
                        x.Blood_Pressure_diast_ = Convert.ToInt32(rdr["Blood_Pressure(diast)"]);
                        x.Insulin_Dosage_IE_ = Convert.ToDecimal(rdr["Insulin_Dosage(IE)"]);
                        x.A1C_Level__ = Convert.ToDecimal(rdr["A1C_Level(%)"]);

                        model.Add(x);
                    }
                }
            }
            return View(model);
        }

        public async Task<ActionResult> UserDetails()
        {
            var UserClaim = await UserManager.GetClaimsAsync(User.Identity.GetUserId());
            var tokenClaim = UserClaim.FirstOrDefault(c => c.Type == "access_token");
            if (tokenClaim == null)
            {
                // No external access token is stored for this user, so there is no provider to query
                return View();
            }
            var token = tokenClaim.Value;

            // The provider is recognised from the shape of the stored access token
            Match facebookMatch = Regex.Match(token, @"CAAM([A-Za-z0-9]+)");
            Match twitterMatch = Regex.Match(token, @"\d+\-([A-Za-z0-9]+)");
            Match googleMatch = Regex.Match(token, @"ya29\.([A-Za-z0-9]+)");

            if (facebookMatch.Success)
            {
                var client = new Facebook.FacebookClient(token);
                dynamic fbResult = client.Get("me?fields=id,email,first_name,last_name,gender,locale,link,timezone,location,picture");

                UserDetails x = new Models.UserDetails();
                x.id = (string)fbResult["id"];
                x.email = (string)fbResult["email"];
                x.firstName = (string)fbResult["first_name"];
                x.lastName = (string)fbResult["last_name"];
                x.link = (string)fbResult["link"];
                x.locale = (string)fbResult["locale"];

                return View(x);
            }

            if (googleMatch.Success)
            {
                Uri apiRequestUri = new Uri("https://www.googleapis.com/oauth2/v2/userinfo?access_token=" + token);

                var client = new System.Net.WebClient();
                var googleResult = client.DownloadString(apiRequestUri);
                dynamic googleUser = Newtonsoft.Json.JsonConvert.DeserializeObject(googleResult.ToString());

                UserDetails x = new Models.UserDetails();
                x.email = (string)googleUser["email"];
                x.id = (string)googleUser["id"];
                x.firstName = (string)googleUser["given_name"];
                x.lastName = (string)googleUser["family_name"];
                x.link = (string)googleUser["link"];
                x.locale = (string)googleUser["locale"];

                return View(x);
            }

            if (twitterMatch.Success)
            {
                var oauth_token_secret = UserClaim.FirstOrDefault(c => c.Type == "access_token_secret").Value;
                TwitterService twitter = new TweetSharp.TwitterService(
                    "YPU8ISKnRfo2Wwcw8RPg59r5z",
                    "00DzHlIvXkQq3Gran3TdDSkERzB9RIZZjpNoFUwNanVPPniAFZ",
                    token, oauth_token_secret);
                var profile = twitter.GetUserProfile(new GetUserProfileOptions());
                var obj = profile.RawSource;
                dynamic twitterUser = Newtonsoft.Json.JsonConvert.DeserializeObject(obj.ToString());
                var rawName = (string)twitterUser["name"];
                string[] name = rawName.Split(' ');

                UserDetails x = new Models.UserDetails();
                x.email = (string)twitterUser["email"];
                x.id = (string)twitterUser["id"];
                x.firstName = name[0];
                // A single-word display name has no second part
                x.lastName = name.Length > 1 ? name[1] : "";
                x.link = (string)twitterUser["link"];
                x.locale = (string)twitterUser["locale"];

                return View(x);
            }
            else
                return View();
            //string a = ExternalProvider;
        }

        //
        // POST: /Account/LogOff
        [HttpPost]
        [ValidateAntiForgeryToken]
        public ActionResult LogOff()
        {
            AuthenticationManager.SignOut();
            return RedirectToAction("Index", "Home");
        }

        //
        // GET: /Account/ExternalLoginFailure
        [AllowAnonymous]
        public ActionResult ExternalLoginFailure()
        {
            return View();
        }

        [ChildActionOnly]
        public ActionResult RemoveAccountList()
        {
            var linkedAccounts = UserManager.GetLogins(User.Identity.GetUserId());
            ViewBag.ShowRemoveButton = HasPassword() || linkedAccounts.Count > 1;
            return (ActionResult)PartialView("_RemoveAccountPartial", linkedAccounts);
        }

        protected override void Dispose(bool disposing)
        {
            if (disposing && UserManager != null)
            {
                UserManager.Dispose();
                UserManager = null;
            }
            base.Dispose(disposing);
        }

        #region Helpers
        // Used for XSRF protection when adding external logins
        private const string XsrfKey = "XsrfId";

        private IAuthenticationManager AuthenticationManager
        {
            get
            {
                return HttpContext.GetOwinContext().Authentication;
            }
        }

        //modified
        // Stores the access-token claims issued by the external provider against the user
        private async Task SaveAccessToken(ApplicationUser user, ClaimsIdentity identity)
        {
            var userclaims = await UserManager.GetClaimsAsync(user.Id);

            foreach (var at in (from claims in identity.Claims
                                where claims.Type.StartsWith("access_token")
                                select new Claim(claims.Type, claims.Value, claims.ValueType, claims.Issuer)))
            {
                // Claim has no value equality, so type and value are compared instead of calling Contains
                if (!userclaims.Any(c => c.Type == at.Type && c.Value == at.Value))
                {
                    await UserManager.AddClaimAsync(user.Id, at);
                }
            }
        }
        //modified

        private async Task SignInAsync(ApplicationUser user, bool isPersistent)
        {
            AuthenticationManager.SignOut(DefaultAuthenticationTypes.ExternalCookie);
            var identity = await UserManager.CreateIdentityAsync(user, DefaultAuthenticationTypes.ApplicationCookie);

            //modified
            await SetExternalProperties(identity);

            AuthenticationManager.SignIn(new AuthenticationProperties() { IsPersistent = isPersistent }, identity);
            await SaveAccessToken(user, identity);
        }

        //modified
        private async Task SetExternalProperties(ClaimsIdentity identity)
        {
            // get external claims captured in Startup.ConfigureAuth
            ClaimsIdentity ext = await AuthenticationManager.GetExternalIdentityAsync(DefaultAuthenticationTypes.ExternalCookie);

            if (ext != null)
            {
                var ignoreClaim = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims";
                // add external claims to identity
                foreach (var c in ext.Claims)
                {
                    if (!c.Type.StartsWith(ignoreClaim))
                        if (!identity.HasClaim(c.Type, c.Value))
                            identity.AddClaim(c);
                }
            }
        }
        //modified

        private void AddErrors(IdentityResult result)
        {
            foreach (var error in result.Errors)
            {
                ModelState.AddModelError("", error);
            }
        }

        private bool HasPassword()
        {
            var user = UserManager.FindById(User.Identity.GetUserId());
            if (user != null)
            {
                return user.PasswordHash != null;
            }
            return false;
        }

        public enum ManageMessageId
        {
            ChangePasswordSuccess,
            SetPasswordSuccess,
            RemoveLoginSuccess,
            Error
        }

        private ActionResult RedirectToLocal(string returnUrl)
        {
            // Only redirect to URLs on this site
            if (Url.IsLocalUrl(returnUrl))
            {
                return Redirect(returnUrl);
            }
            else
            {
                return RedirectToAction("Index", "Home");
            }
        }

        private class ChallengeResult : HttpUnauthorizedResult
        {
            public ChallengeResult(string provider, string redirectUri)
                : this(provider, redirectUri, null)
            {
            }

            public ChallengeResult(string provider, string redirectUri, string userId)
            {
                LoginProvider = provider;
                RedirectUri = redirectUri;
                UserId = userId;
            }

            public string LoginProvider { get; set; }
            public string RedirectUri { get; set; }
            public string UserId { get; set; }

            public override void ExecuteResult(ControllerContext context)
            {
                var properties = new AuthenticationProperties() { RedirectUri = RedirectUri };
                if (UserId != null)
                {
                    properties.Dictionary[XsrfKey] = UserId;
                }
                context.HttpContext.GetOwinContext().Authentication.Challenge(properties, LoginProvider);
            }
        }
        #endregion

        [HttpGet]
        public ActionResult Weight(string sortBy)
        {
            var id = User.Identity.GetUserId();
            //var userClaim = await UserManager.ClaimsIdentityFactory.UserIdClaimType(User.Identity.GetUserId());
            var name = User.Identity.GetUserName();

            var entity = name + "_" + id;
            var model = new List<Medical>();

            //creating instance of a model
            //Medical x = new Medical();

            // sortBy value -> table column, for the decimal-valued measurements
            var decimalColumns = new Dictionary<string, string>
            {
                { "Weight", "Weight(Kg)" },
                { "BMI", "BMI" },
                { "BodyTemp", "Body_Temperature(c)" }, // requested by the "Body Temperature" link in the Medical view
                { "BloodSugar", "Blood_Sugar_Level_mg/dL" },
                { "Insulin", "Insulin_Dosage(IE)" },
                { "A1C", "A1C_Level(%)" }
            };
            // sortBy value -> table column, for the integer-valued measurements
            var intColumns = new Dictionary<string, string>
            {
                { "BPSyst", "Blood_Pressure(syst)" },
                { "BPDiast", "Blood_Pressure(diast)" }
            };

            //building connection string
            SqlConnectionStringBuilder builder = new SqlConnectionStringBuilder();
            builder["Server"] = "tcp:gvdy6vstnd.database.windows.net";
            builder["User ID"] = "bprajapati@gvdy6vstnd";
            builder["Password"] = "Tilasmi1";
            builder["Database"] = "General_Database";
            builder["Trusted_Connection"] = false;
            builder["Integrated Security"] = false;
            builder["Encrypt"] = true;

            // A table name cannot be passed as a SQL parameter, so the identifier is
            // bracket-quoted and any ']' in it is doubled before it is placed in the query.
            string query = "SELECT * FROM [" + entity.Replace("]", "]]") + "]";

            using (SqlConnection connect = new SqlConnection(builder.ConnectionString))
            using (SqlCommand command = new SqlCommand(query, connect))
            {
                connect.Open();
                using (SqlDataReader rdr = command.ExecuteReader())
                {
                    if (sortBy != null && decimalColumns.ContainsKey(sortBy))
                    {
                        List<decimal> valueDecimal = new List<decimal>();
                        while (rdr.Read())
                        {
                            valueDecimal.Add(Convert.ToDecimal(rdr[decimalColumns[sortBy]]));
                        }
                        ViewBag.MyList = valueDecimal;
                    }
                    else if (sortBy != null && intColumns.ContainsKey(sortBy))
                    {
                        List<int> valueInt = new List<int>();
                        while (rdr.Read())
                        {
                            valueInt.Add(Convert.ToInt32(rdr[intColumns[sortBy]]));
                        }
                        ViewBag.MyList = valueInt;
                    }
                }
            }
            ViewBag.sortBy = sortBy;
            // Medical x = new Medical();
            return View();
        }
    }
}

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;

namespace test.Models
{
    public class Medical
    {
        public int ID { get; set; }
        public decimal Height_m_ { get; set; }
        public decimal Weight_kg_ { get; set; }
        public decimal BMI { get; set; }
        public decimal Body_Temperature_c_ { get; set; }
        public decimal Blood_Sugar_Level_mg_dL { get; set; }
        public int Blood_Pressure_syst_ { get; set; }
        public int Blood_Pressure_diast_ { get; set; }
        public decimal Insulin_Dosage_IE_ { get; set; }
        public decimal A1C_Level__ { get; set; }
    }
}

@using System
@model List<test.Models.Medical>

@{
    ViewBag.Title = "Medical";
}
@{
    var x = new List<test.Models.Medical>();
}

<h3> Click on the following Link to see the pattern</h3>

<ul>
    <li> @Html.ActionLink("Weight ", "Weight", "Account", new { id = "Weight", sortBy = "Weight" }, null) </li>
    <li> @Html.ActionLink("BMI ", "Weight", "Account", new { id = "BMI", sortBy = "BMI" }, null) </li>
    <li> @Html.ActionLink("Body Temperature", "Weight", "Account", new { id = "Body Temperature", sortBy = "BodyTemp" }, null) </li>
    <li> @Html.ActionLink("Blood Sugar Level", "Weight", "Account", new { id = "BloodSugar", sortBy = "BloodSugar" }, null) </li>
    <li> @Html.ActionLink("Blood Pressure (Syst)", "Weight", "Account", new { id = "BPSyst", sortBy = "BPSyst" }, null) </li>
    <li> @Html.ActionLink("Blood Pressure (Diast)", "Weight", "Account", new { id = "BPDiast", sortBy = "BPDiast" }, null) </li>
    <li> @Html.ActionLink("Insulin Dosage", "Weight", "Account", new { id = "Insulin", sortBy = "Insulin" }, null) </li>
    <li> @Html.ActionLink("A1C Level", "Weight", "Account", new { id = "A1C", sortBy = "A1C" }, null) </li>
</ul>

<h2>Medical</h2>
<div>
    <table>
        <tr>
            <th> ID </th>
            <th> Height(m) </th>
            <th> Weight(Kg) </th>
            <th> BMI </th>
            <th> Body Temperature(c) </th>
            <th> Blood Sugar Level(mg/dL) </th>
            <th> Blood Pressure(syst) </th>
            <th> Blood Pressure(diast) </th>
            <th> Insulin Dosage(IE) </th>
            <th> A1C Level(%) </th>
        </tr>
        @foreach (var data in Model as IEnumerable<test.Models.Medical>)
        {
            <tr>
                <td> @data.ID</td>
                <td> @data.Height_m_</td>
                <td> @data.Weight_kg_</td>
                <td> @data.BMI</td>
                <td> @data.Body_Temperature_c_</td>
                <td> @data.Blood_Sugar_Level_mg_dL</td>
                <td> @data.Blood_Pressure_syst_</td>
                <td> @data.Blood_Pressure_diast_</td>
                <td> @data.Insulin_Dosage_IE_</td>
                <td> @data.A1C_Level__</td>
            </tr>
        }
    </table>
</div>

using Microsoft.AspNet.Identity;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Owin;
using Microsoft.Owin.Security.Google;
using Microsoft.Owin.Security.Facebook;
using Microsoft.Owin.Security.Twitter;
using Microsoft.Owin.Security.MicrosoftAccount;

namespace test
{
    public partial class Startup
    {
        // For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
        public void ConfigureAuth(IAppBuilder app)
        {
            // Enable the application to use a cookie to store information for the signed in user
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
                LoginPath = new PathString("/Account/Login")
            });
            // Use a cookie to temporarily store information about a user logging in with a third party login provider
            app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

            // The provider client IDs and secrets below are hard-coded in this prototype;
            // a deployment would load them from protected configuration.
            var microsoftAuthenticationOptions = new MicrosoftAccountAuthenticationOptions();
            microsoftAuthenticationOptions.ClientId = "000000004813F367";
            microsoftAuthenticationOptions.ClientSecret = "zk5kDYs8lrRCSqUxEJqb-yoUSKm6cx4R";
            microsoftAuthenticationOptions.AuthenticationType = "Microsoft";
            // Same value as the other providers and as DefaultAuthenticationTypes.ExternalCookie
            microsoftAuthenticationOptions.SignInAsAuthenticationType = "ExternalCookie";
            microsoftAuthenticationOptions.Provider = new MicrosoftAccountAuthenticationProvider
            {
                OnAuthenticated = async context =>
                {
                    // Keep the provider's access token as a claim so it can be saved at sign-in
                    context.Identity.AddClaim(new System.Security.Claims.Claim("access_token", context.AccessToken));
                }
            };

            microsoftAuthenticationOptions.Scope.Add("wl.basic");
            microsoftAuthenticationOptions.Scope.Add("wl.emails");
            app.UseMicrosoftAccountAuthentication(microsoftAuthenticationOptions);

            //app.UseTwitterAuthentication(
            //    consumerKey: "",
            //    consumerSecret: "");

            var twitterAuthenticationOptions = new TwitterAuthenticationOptions();

            twitterAuthenticationOptions.ConsumerKey = "YPU8ISKnRfo2Wwcw8RPg59r5z";
            twitterAuthenticationOptions.ConsumerSecret = "00DzHlIvXkQq3Gran3TdDSkERzB9RIZZjpNoFUwNanVPPniAFZ";
            twitterAuthenticationOptions.AuthenticationType = "Twitter";
            twitterAuthenticationOptions.SignInAsAuthenticationType = "ExternalCookie";
            twitterAuthenticationOptions.Provider = new TwitterAuthenticationProvider
            {
                OnAuthenticated = async context =>
                {
                    context.Identity.AddClaim(new System.Security.Claims.Claim("access_token", context.AccessToken));
                    context.Identity.AddClaim(new System.Security.Claims.Claim("access_token_secret", context.AccessTokenSecret));
                }
            };

            app.UseTwitterAuthentication(twitterAuthenticationOptions);

            var facebookAuthenticationOptions = new FacebookAuthenticationOptions();

            facebookAuthenticationOptions.AppId = "904970772881568";
            facebookAuthenticationOptions.AppSecret = "fb83a6e0b142b5dc3b4edf726ab8f481";
            facebookAuthenticationOptions.AuthenticationType = "Facebook";
            facebookAuthenticationOptions.SignInAsAuthenticationType = "ExternalCookie";
            facebookAuthenticationOptions.Provider = new FacebookAuthenticationProvider
            {
                OnAuthenticated = async context =>
                {
                    context.Identity.AddClaim(new System.Security.Claims.Claim("access_token", context.AccessToken));
                }
            };

            facebookAuthenticationOptions.Scope.Add("user_birthday");
            facebookAuthenticationOptions.Scope.Add("publish_stream");
            facebookAuthenticationOptions.Scope.Add("user_likes");
            facebookAuthenticationOptions.Scope.Add("friends_likes");
            facebookAuthenticationOptions.Scope.Add("read_stream");
            facebookAuthenticationOptions.Scope.Add("email");
            facebookAuthenticationOptions.Scope.Add("public_profile");

            app.UseFacebookAuthentication(facebookAuthenticationOptions);

            var googleAuthenticationOptions = new GoogleOAuth2AuthenticationOptions();

            googleAuthenticationOptions.ClientId = "583121694677-u2ov6u126enr73n3mfigumi3ke7ujop9.apps.googleusercontent.com";
            googleAuthenticationOptions.ClientSecret = "uH_DkKAXNRq6jMUkLdgH9gu8";
            googleAuthenticationOptions.SignInAsAuthenticationType = "ExternalCookie";
            googleAuthenticationOptions.AuthenticationType = "Google";
            googleAuthenticationOptions.Provider = new GoogleOAuth2AuthenticationProvider()
            {
                OnAuthenticated = async context =>
                {
                    context.Identity.AddClaim(new System.Security.Claims.Claim("access_token", context.AccessToken));
                    //context.Identity.AddClaim(new System.Security.Claims.Claim("refresh_token", context.RefreshToken));
                }
            };

            googleAuthenticationOptions.Scope.Add("https://www.googleapis.com/auth/plus.login");
            googleAuthenticationOptions.Scope.Add("https://www.googleapis.com/auth/userinfo.email");

            app.UseGoogleAuthentication(googleAuthenticationOptions);
        }
    }
}

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Security.Cryptography;
using System.Data.SqlClient;
using System.Data;
using System.IO;

namespace ConsoleApplicationDES_FILL_DATA
{
    class Program
    {
        static void Main(string[] args)
        {
            SqlConnectionStringBuilder builderAES = new SqlConnectionStringBuilder();
            builderAES["Server"] = "tcp:gvdy6vstnd.database.windows.net";
            builderAES["User ID"] = "bprajapati@gvdy6vstnd";
            builderAES["Password"] = "Tilasmi1";

            builderAES["Database"] = "General_Database_DES";
            builderAES["Trusted_Connection"] = false;
            builderAES["Integrated Security"] = false;
            builderAES["Encrypt"] = true;

            SqlConnection connect = new SqlConnection(builderAES.ConnectionString);
            connect.Open();

            SqlCommand command = new SqlCommand();
            command.Connection = connect;
            command.CommandType = CommandType.Text;
            int count = 0;
            string[] passwordList = File.ReadAllLines(@"password.txt");
            StreamWriter write = new StreamWriter(@"new.txt");

            DataTable tableList = connect.GetSchema("Tables");

            foreach (DataRow row in tableList.Rows)
            {
                write.WriteLine(row["TABLE_NAME"] + "-" + passwordList[count]);

                string query = "INSERT INTO " + row["TABLE_NAME"] + "(ID, [Height(m)], [Weight(Kg)], BMI, [Body_Temperature(c)], [Blood_Sugar_Level_mg/dL], [Blood_Pressure(syst)], [Blood_Pressure(diast)], [Insulin_Dosage(IE)], [A1C_Level(%)]) VALUES (@ID, @height, @weight, @bmi, @bodyTemp, @bloodSugar, @systBloodPressure, @diastBloodPressure, @insulin, @A1C)";

                command.CommandText = query;
                string key = passwordList[count];
                try
                {
                    Random rndHeight = new Random();
                    decimal calcHeight = rndHeight.Next(1499, 1877);
                    var height = calcHeight / 1000;
                    var heightEncrypted = DESEncrypter.Encryptor(key, height);

                    for (int i = 0; i < 1000; i++)
                    {
                        Random rndWeight = new Random();
                        Random rndBodyTemp = new Random();
                        Random rndBloodSugar = new Random();
                        Random rndSystBP = new Random();
                        Random rndDiastBP = new Random();
                        Random rndInsulin = new Random();
                        Random rndA1C = new Random();
                        var id = i + 1;

                        decimal weight = rndWeight.Next(40, 95);
                        var weightEncrypted = DESEncrypter.Encryptor(key, weight);

                        decimal bmi = (weight / height) / height;
                        var bmiEncrypted = DESEncrypter.Encryptor(key, bmi);

                        decimal calcBodyTemp = rndBodyTemp.Next(350, 400);
                        var bodyTemp = calcBodyTemp / 10;
                        var bodyTempEncrypted = DESEncrypter.Encryptor(key, bodyTemp);

                        decimal bloodSugar = rndBloodSugar.Next(85, 160);
                        var bloodSugarEncrypted = DESEncrypter.Encryptor(key, bloodSugar);

                        decimal systBP = rndSystBP.Next(50, 90);
                        var systBPEncrypted = DESEncrypter.Encryptor(key, systBP);


decimal diastBP = rndDiastBP.Next(80, 130); var diastBPEncrypted = DESEncrypter.Encryptor(key, diastBP);

decimal calcInsulin = rndInsulin.Next(10, 50); var insulin = calcInsulin / 100; var insulinEncrypted = DESEncrypter.Encryptor(key, insulin); Decimal calcA1C = rndA1C.Next(60, 80); var A1C = calcA1C / 10; var A1CEncrypted = DESEncrypter.Encryptor(key, A1C);

command.Parameters.Clear(); command.Parameters.AddWithValue("@ID", id); command.Parameters.AddWithValue("@height", heightEncrypted); command.Parameters.AddWithValue("@weight", weightEncrypted); command.Parameters.AddWithValue("@bmi", bmiEncrypted); command.Parameters.AddWithValue("@bodyTemp", bodyTempEncrypted); command.Parameters.AddWithValue("@bloodSugar", bloodSugarEncrypted); command.Parameters.AddWithValue("@systBloodPressure", systBPEncrypted); command.Parameters.AddWithValue("@diastBloodPressure", diastBPEncrypted); command.Parameters.AddWithValue("@insulin", insulinEncrypted); command.Parameters.AddWithValue("@A1C", A1CEncrypted);

command.ExecuteNonQuery();

} count++; } catch { Console.WriteLine("Error"); }

Console.WriteLine(row["TABLE_NAME"]); Console.WriteLine(count);

} write.Close(); } } }

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Security.Cryptography;
using System.Data;
using System.IO;

namespace DESEncryptionTest
{
    class Program
    {
        static void Main(string[] args)
        {
            Console.WriteLine("Enter the string to encrypt");
            string x = Console.ReadLine();
            Console.WriteLine("Enter the pass");
            string y = Console.ReadLine();
            string z = Encryptor(y, x);
            Console.WriteLine(z);

            string a = Decryptor(z, y);
            Console.WriteLine(a);
            Console.ReadLine();
        }

        public static string Encryptor(string key_des, string x)
        {
            // Fixed 8-byte IV: equal plaintexts under the same key give equal ciphertexts.
            string strIV = "01234567";
            // Turn the plaintext into a byte array.
            byte[] PlainTextBytes = System.Text.ASCIIEncoding.ASCII.GetBytes(x.ToString());

            // Set up the Triple DES provider (128-bit key, CBC mode, PKCS7 padding).
            TripleDESCryptoServiceProvider desProvider = new TripleDESCryptoServiceProvider();
            desProvider.BlockSize = 64;
            desProvider.KeySize = 128;
            // My key and IV that I have used in openssl
            desProvider.Key = stringToByte(key_des, 16);
            desProvider.IV = string2byte(strIV);
            desProvider.Padding = PaddingMode.PKCS7;
            desProvider.Mode = CipherMode.CBC;
            ICryptoTransform cryptoTransform = desProvider.CreateEncryptor(desProvider.Key, desProvider.IV);
            byte[] EncryptedBytes = cryptoTransform.TransformFinalBlock(PlainTextBytes, 0, PlainTextBytes.Length);
            return Convert.ToBase64String(EncryptedBytes);
        }

        private static string Decryptor(string TextToDecrypt, string strKey)
        {
            byte[] EncryptedBytes = Convert.FromBase64String(TextToDecrypt);
            string strIV = "01234567";
            // Set up the Triple DES provider for decrypting.
            TripleDESCryptoServiceProvider desProvider = new TripleDESCryptoServiceProvider();
            //aesProvider.Key = System.Text.Encoding.ASCII.GetBytes(strKey);
            //aesProvider.IV = System.Text.Encoding.ASCII.GetBytes(strIV);
            desProvider.BlockSize = 64;
            desProvider.KeySize = 128;
            // My key and IV that I have used in openssl
            desProvider.Key = stringToByte(strKey, 16);
            desProvider.IV = string2byte(strIV);
            desProvider.Padding = PaddingMode.PKCS7;
            desProvider.Mode = CipherMode.CBC;

            ICryptoTransform cryptoTransform = desProvider.CreateDecryptor(desProvider.Key, desProvider.IV);
            byte[] DecryptedBytes = cryptoTransform.TransformFinalBlock(EncryptedBytes, 0, EncryptedBytes.Length);
            return System.Text.Encoding.ASCII.GetString(DecryptedBytes);
        }

        // Converts each character of the string to one byte.
        public static byte[] string2byte(string newString)
        {
            char[] CharArray = newString.ToCharArray();
            byte[] ByteArray = new byte[CharArray.Length];

            for (int i = 0; i < CharArray.Length; i++)
            {
                ByteArray[i] = Convert.ToByte(CharArray[i]);
            }
            return ByteArray;
        }

        // Copies the password characters into a fixed-size key buffer.
        // Shorter passwords are right-padded with zero bytes.
        public static byte[] stringToByte(string newString, int charLength)
        {
            char[] CharArray = newString.ToCharArray();
            if (CharArray.Length > charLength)
            {
                // Fail clearly instead of writing past the end of the key buffer.
                throw new ArgumentException("Key is longer than " + charLength + " characters.", "newString");
            }
            byte[] ByteArray = new byte[charLength];
            for (int i = 0; i < CharArray.Length; i++)
            {
                ByteArray[i] = Convert.ToByte(CharArray[i]);
            }
            return ByteArray;
        }
    }
}

using System;using System.Collections.Generic;using System.Linq;using System.Text;using System.Threading.Tasks;using System.IO;using System.Security.Cryptography;using System.Data.SqlClient;


using System.Data;

namespace ConsoleApplicationFillEncryptedTableAES{ class Program { static void Main(string[] args) { SqlConnectionStringBuilder builderAES = new SqlConnectionStringBuilder(); builderAES["Server"] = "tcp:gvdy6vstnd.database.windows.net"; builderAES["User ID"] = "bprajapati@gvdy6vstnd"; builderAES["Password"] = "Tilasmi1"; builderAES["Database"] = "General_Database_AES"; builderAES["Trusted_Connection"] = false; builderAES["Integrated Security"] = false; builderAES["Encrypt"] = true;

SqlConnection connect = new SqlConnection(builderAES.ConnectionString); connect.Open();

SqlCommand command = new SqlCommand(); command.Connection = connect; command.CommandType = CommandType.Text; int count = 0; string[] passwordList = File.ReadAllLines(@"password.txt"); StreamWriter write = new StreamWriter(@"new.txt");

DataTable tableList = connect.GetSchema("Tables");

foreach (DataRow row in tableList.Rows)
{
    write.WriteLine(row["TABLE_NAME"] + "-" + passwordList[count]);
    string query = "INSERT INTO " + row["TABLE_NAME"] + "(ID, [Height(m)], [Weight(Kg)], BMI, [Body_Temperature(c)], [Blood_Sugar_Level_mg/dL], [Blood_Pressure(syst)], [Blood_Pressure(diast)], [Insulin_Dosage(IE)], [A1C_Level(%)]) VALUES (@ID, @height, @weight, @bmi, @bodyTemp, @bloodSugar, @systBloodPressure, @diastBloodPressure, @insulin, @A1C)";

command.CommandText = query; string key = passwordList[count]; if (count > 143) { try { Random rndHeight = new Random(); decimal calcHeight = rndHeight.Next(1499, 1877); var height = calcHeight / 1000; var heightEncrypted = AESEncryptor.Encryptor(key, height);

for (int i = 0; i < 1000; i++) { Random rndWeight = new Random(); Random rndBodyTemp = new Random(); Random rndBloodSugar = new Random(); Random rndSystBP = new Random(); Random rndDiastBP = new Random(); Random rndInsulin = new Random(); Random rndA1C = new Random();

var id = i + 1;

decimal weight = rndWeight.Next(40, 95); var weightEncrypted = AESEncryptor.Encryptor(key, weight); decimal bmi = (weight / height) / height; var bmiEncrypted = AESEncryptor.Encryptor(key, bmi); decimal calcBodyTemp = rndBodyTemp.Next(350, 400); var bodyTemp = calcBodyTemp / 10; var bodyTempEncrypted = AESEncryptor.Encryptor(key, bodyTemp); decimal bloodSugar = rndBloodSugar.Next(85, 160); var bloodSugarEncrypted = AESEncryptor.Encryptor(key, bloodSugar); decimal systBP = rndSystBP.Next(50, 90); var systBPEncrypted = AESEncryptor.Encryptor(key, systBP); decimal diastBP = rndDiastBP.Next(80, 130); var diastBPEncrypted = AESEncryptor.Encryptor(key, diastBP); decimal calcInsulin = rndInsulin.Next(10, 50); var insulin = calcInsulin / 100;


var insulinEncrypted = AESEncryptor.Encryptor(key, insulin); Decimal calcA1C = rndA1C.Next(60, 80); var A1C = calcA1C / 10; var A1CEncrypted = AESEncryptor.Encryptor(key, A1C);

command.Parameters.Clear(); command.Parameters.AddWithValue("@ID", id); command.Parameters.AddWithValue("@height", heightEncrypted); command.Parameters.AddWithValue("@weight", weightEncrypted); command.Parameters.AddWithValue("@bmi", bmiEncrypted); command.Parameters.AddWithValue("@bodyTemp", bodyTempEncrypted); command.Parameters.AddWithValue("@bloodSugar", bloodSugarEncrypted); command.Parameters.AddWithValue("@systBloodPressure", systBPEncrypted); command.Parameters.AddWithValue("@diastBloodPressure", diastBPEncrypted); command.Parameters.AddWithValue("@insulin", insulinEncrypted); command.Parameters.AddWithValue("@A1C", A1CEncrypted);

command.ExecuteNonQuery();

}

count++;

}

catch { Console.WriteLine("Error"); } } else { count++; } Console.WriteLine(row["TABLE_NAME"]); Console.WriteLine(count);

} write.Close(); } }}

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Security.Cryptography;
using System.IO;
using System.Data;

namespace AESEncrypter
{
    class Program
    {
        static void Main(string[] args)
        {
            Console.WriteLine("Enter the text:");
            decimal x = Convert.ToDecimal(Console.ReadLine());
            Console.WriteLine("Enter the key:");
            string key = Console.ReadLine();
            Console.WriteLine(Encryptor(key, x));
            Console.ReadLine();
        }

        // Encrypts the decimal's string form with Rijndael (256-bit key, fixed IV)
        // and returns the ciphertext as an upper-case hex string.
        public static string Encryptor(string key_aes, decimal x)
        {
            Rijndael computeRijndael = new RijndaelManaged();
            computeRijndael.Key = stringToByte(key_aes, 32);
            // Fixed 16-byte IV: equal plaintexts under the same key give equal ciphertexts.
            computeRijndael.IV = string2byte("0123456789ABCDEF");

            byte[] key = computeRijndael.Key;
            byte[] IV = computeRijndael.IV;

            ICryptoTransform encryptor = computeRijndael.CreateEncryptor(key, IV);

            MemoryStream msEncrypt = new MemoryStream();
            CryptoStream csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write);

            byte[] plainBytes = string2byte(x.ToString());
            csEncrypt.Write(plainBytes, 0, plainBytes.Length);
            csEncrypt.FlushFinalBlock();

            byte[] encrypted = msEncrypt.ToArray();

            return ByteToString(encrypted);
        }

        // Converts each character of the string to one byte.
        public static byte[] string2byte(string newString)
        {
            char[] CharArray = newString.ToCharArray();
            byte[] ByteArray = new byte[CharArray.Length];

            for (int i = 0; i < CharArray.Length; i++)
            {
                ByteArray[i] = Convert.ToByte(CharArray[i]);
            }
            return ByteArray;
        }

        // Copies the password characters into a fixed-size key buffer.
        // Shorter passwords are right-padded with zero bytes.
        public static byte[] stringToByte(string newString, int charLength)
        {
            char[] CharArray = newString.ToCharArray();
            if (CharArray.Length > charLength)
            {
                // Fail clearly instead of writing past the end of the key buffer.
                throw new ArgumentException("Key is longer than " + charLength + " characters.", "newString");
            }
            byte[] ByteArray = new byte[charLength];
            for (int i = 0; i < CharArray.Length; i++)
            {
                ByteArray[i] = Convert.ToByte(CharArray[i]);
            }
            return ByteArray;
        }

        // Reads a CryptoStream to its end and returns the bytes as characters.
        public static string Byte2String(CryptoStream stream)
        {
            string x = "";
            int i = 0;
            do
            {
                i = stream.ReadByte();
                if (i != -1) x += ((char)i);
            } while (i != -1);
            return (x);
        }

        // Hex-encodes a byte array (two upper-case digits per byte).
        public static string ByteToString(byte[] stream)
        {
            string x = "";
            for (int i = 0; i < stream.Length; i++)
            {
                x += stream[i].ToString("X2");
            }
            return (x);
        }
    }
}
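The DES and AES listings above use a constant IV string and copy the password characters straight into the key buffer, so equal readings stored under one table key produce equal ciphertexts and a modified row is not detected. The following is an added example, not code from the dissertation, showing one hardened form of the same per-field encryption in C#: a PBKDF2-derived key, a random IV per value and an HMAC over IV and ciphertext. FieldCipher, the token layout, the iteration count and the sample values are assumptions made for this illustration.

```csharp
using System;
using System.Globalization;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
// Added example, not from the dissertation. FieldCipher, its token layout
// (IV || ciphertext || HMAC tag) and the iteration count are assumptions.
public sealed class FieldCipher
{
    private const int IvSize = 16, TagSize = 32; // AES block and HMAC-SHA256 sizes in bytes
    private readonly byte[] encKey, macKey;

    // Derive separate encryption and MAC keys from the per-table password.
    // The salt is random per table and stored beside it; it is not secret.
    public FieldCipher(string password, byte[] salt, int iterations = 100000)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, iterations, HashAlgorithmName.SHA256))
        {
            encKey = kdf.GetBytes(32);
            macKey = kdf.GetBytes(32);
        }
    }

    public string Encrypt(decimal value)
    {
        // Invariant culture, so decryption does not depend on the machine's locale.
        byte[] plain = Encoding.UTF8.GetBytes(value.ToString(CultureInfo.InvariantCulture));
        byte[] iv = RandomBytes(IvSize); // fresh IV for every field value
        byte[] cipher;
        using (var aes = Aes.Create())
        {
            aes.Mode = CipherMode.CBC;
            aes.Padding = PaddingMode.PKCS7;
            using (var enc = aes.CreateEncryptor(encKey, iv))
                cipher = enc.TransformFinalBlock(plain, 0, plain.Length);
        }
        byte[] body = iv.Concat(cipher).ToArray();
        using (var hmac = new HMACSHA256(macKey))
            return Convert.ToBase64String(body.Concat(hmac.ComputeHash(body)).ToArray());
    }

    public decimal Decrypt(string token)
    {
        byte[] all = Convert.FromBase64String(token);
        if (all.Length < IvSize + 16 + TagSize)
            throw new CryptographicException("Token too short.");
        byte[] body = all.Take(all.Length - TagSize).ToArray();
        byte[] tag = all.Skip(all.Length - TagSize).ToArray();
        // Check the tag first, so modified ciphertext never reaches the padding check.
        using (var hmac = new HMACSHA256(macKey))
            if (!FixedTimeEquals(tag, hmac.ComputeHash(body)))
                throw new CryptographicException("Authentication tag mismatch.");
        using (var aes = Aes.Create())
        {
            aes.Mode = CipherMode.CBC;
            aes.Padding = PaddingMode.PKCS7;
            using (var dec = aes.CreateDecryptor(encKey, body.Take(IvSize).ToArray()))
            {
                byte[] plain = dec.TransformFinalBlock(body, IvSize, body.Length - IvSize);
                return decimal.Parse(Encoding.UTF8.GetString(plain), CultureInfo.InvariantCulture);
            }
        }
    }

    public static byte[] RandomBytes(int count)
    {
        byte[] buffer = new byte[count];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(buffer);
        return buffer;
    }

    // Compares every byte regardless of where the first difference is.
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample values: a per-table password and one BMI reading.
        var cipher = new FieldCipher("correct horse battery staple", FieldCipher.RandomBytes(16));
        string t1 = cipher.Encrypt(23.4m);
        string t2 = cipher.Encrypt(23.4m);
        Console.WriteLine(t1 != t2); // random IV: equal readings give different tokens
        Console.WriteLine(cipher.Decrypt(t1));
        byte[] raw = Convert.FromBase64String(t1);
        raw[20] ^= 0x01; // flip one ciphertext bit; the tag check rejects the token
        try { cipher.Decrypt(Convert.ToBase64String(raw)); }
        catch (CryptographicException e) { Console.WriteLine(e.Message); }
    }
}
```

The four-argument Rfc2898DeriveBytes constructor needs .NET Framework 4.7.2 or .NET Core 2.0 and later.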

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Security.Cryptography;
using System.IO;

namespace SHA1
{
    class Program
    {
        static void Main(string[] args)
        {
            string[] Pass = File.ReadAllLines("password.txt");
            StreamWriter SHAfile = new StreamWriter("Sha1Hash.txt");
            foreach (string pass in Pass)
            {
                byte[] encodedPassword = new UTF8Encoding().GetBytes(pass);
                SHA1Managed sha1 = new SHA1Managed();
                byte[] hashBytes = sha1.ComputeHash(encodedPassword);
                StringBuilder builder = new StringBuilder(hashBytes.Length * 2);
                for (int i = 0; i < hashBytes.Length; i++)
                {
                    builder.Append(hashBytes[i].ToString("X2"));
                }
                SHAfile.WriteLine(builder.ToString());
            }
            SHAfile.Close();
        }
    }
}

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.IO;
using System.Security.Cryptography;

namespace MD5_Hash
{
    class Program
    {
        static void Main(string[] args)
        {
            string[] Pass = File.ReadAllLines("password.txt");
            StreamWriter MD5file = new StreamWriter("MD5Hash.txt");
            foreach (string pass in Pass)
            {
                byte[] encodedPassword = new UTF8Encoding().GetBytes(pass);
                MD5 md5 = MD5.Create();
                byte[] hashBytes = md5.ComputeHash(encodedPassword);
                StringBuilder builder = new StringBuilder();
                for (int i = 0; i < hashBytes.Length; i++)
                {
                    builder.Append(hashBytes[i].ToString("X2"));
                }
                MD5file.WriteLine(builder.ToString());
            }
            MD5file.Close();
        }
    }
}

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Security.Cryptography;
using System.Data;
using System.IO;
using System.Text.RegularExpressions;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Collections;
using System.Configuration;

namespace ConsoleApplicationLMHash
{
    class Program
    {
        static void Main(string[] args)
        {
            string[] Pass = File.ReadAllLines("password.txt");
            StreamWriter file = new StreamWriter("hashPass.txt");
            StreamWriter LMfile = new StreamWriter("LMHash.txt");
            foreach (string pass in Pass)
            {
                // LMHash is a helper class that is not part of this listing.
                byte[] lmHash = LMHash.Compute(pass);
                string lmHashGenerate = BitConverter.ToString(lmHash);
                Regex regex = new Regex("-");
                string Flmoutput = regex.Replace(lmHashGenerate, string.Empty);

                LMfile.WriteLine(Flmoutput);

                // NT hash: MD4 over the UTF-16LE password (Bouncy Castle MD4Digest).
                // It is computed here but not written to a file in this listing.
                Org.BouncyCastle.Crypto.Digests.MD4Digest md = new Org.BouncyCastle.Crypto.Digests.MD4Digest();
                byte[] unicodePassword = Encoding.Convert(Encoding.ASCII, Encoding.Unicode, Encoding.ASCII.GetBytes(pass));
                md.BlockUpdate(unicodePassword, 0, unicodePassword.Length);
                byte[] hash = new byte[16];
                md.DoFinal(hash, 0);
                string ntlmOutput = BitConverter.ToString(hash);
                Regex regexNT = new Regex("-");
                string FntlmOutput = regexNT.Replace(ntlmOutput, string.Empty);
            }
            // Close the writers so that buffered output reaches the files.
            LMfile.Close();
            file.Close();
            Console.ReadLine();
        }
    }
}

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Security.Cryptography;
using System.IO;
using System.Data;

namespace ConsoleApplicationHashTest
{
    class Program
    {
        static void Main(string[] args)
        {
            string[] Pass = File.ReadAllLines("password.txt");
            StreamWriter file = new StreamWriter("pass_hash.txt");
            foreach (string password in Pass)
            {
                byte[] salt;
                byte[] buffer2;
                // PBKDF2 (HMAC-SHA1): 0x10 = 16-byte random salt, 0x3e8 = 1000 iterations.
                Rfc2898DeriveBytes bytes = new Rfc2898DeriveBytes(password, 0x10, 0x3e8);
                salt = bytes.Salt;
                buffer2 = bytes.GetBytes(0x20); // 32-byte derived key

                // Output layout (0x31 = 49 bytes): one zero byte, the salt, the derived key.
                byte[] dst = new byte[0x31];
                Buffer.BlockCopy(salt, 0, dst, 1, 0x10);
                Buffer.BlockCopy(buffer2, 0, dst, 0x11, 0x20);
                file.WriteLine(Convert.ToBase64String(dst));
            }
            // Close the writer so that buffered output reaches pass_hash.txt.
            file.Close();
            Console.ReadLine();
        }
    }
}

using System;using System.Collections.Generic;using System.Linq;using System.Text;using System.Threading.Tasks;using System.Data.Sql;using System.Data.SqlClient;using System.Data.SqlTypes;


using System.Data;using System.IO;using System.Threading;

namespace ConsoleApplicationFillRestTable{ class Program { static void Main(string[] args) { SqlConnectionStringBuilder builder = new SqlConnectionStringBuilder(); builder["Server"] = "tcp:gvdy6vstnd.database.windows.net"; builder["User ID"] = "bprajapati@gvdy6vstnd"; builder["Password"] = "Tilasmi1"; builder["Database"] = "General_Database"; builder["Trusted_Connection"] = false; builder["Integrated Security"] = false; builder["Encrypt"] = true;

SqlConnection connect = new SqlConnection(builder.ConnectionString); connect.Open(); SqlCommand command = new SqlCommand(); command.Connection = connect; command.CommandType = CommandType.Text; int count = 0; DataTable tableList = connect.GetSchema("Tables");

foreach (DataRow row in tableList.Rows) { try {

string query = "INSERT INTO " + row["TABLE_NAME"] + "(ID, [Height(m)], [Weight(Kg)], BMI, [Body_Temperature(c)], [Blood_Sugar_Level_mg/dL], [Blood_Pressure(syst)], [Blood_Pressure(diast)], [Insulin_Dosage(IE)], [A1C_Level(%)]) VALUES (@ID, @height, @weight, @bmi, @bodyTemp, @bloodSugar, @systBloodPressure, @diastBloodPressure, @insulin, @A1C)";

command.CommandText = query; Random rndHeight = new Random(); decimal calcHeight = (rndHeight.Next(1499, 1877)); var height = calcHeight / 1000;

for (int i = 0; i < 1000; i++) { Random rndWeight = new Random(); Random rndBodyTemp = new Random(); Random rndBloodSugar = new Random(); Random rndSystBP = new Random(); Random rndDiastBP = new Random(); Random rndInsulin = new Random(); Random rndA1C = new Random(); var id = i + 1; decimal weight = rndWeight.Next(40, 95); decimal bmi = (weight / height) / height; decimal calcBodyTemp = rndBodyTemp.Next(350, 400); var bodyTemp = calcBodyTemp / 10; decimal bloodSugar = rndBloodSugar.Next(85, 160); decimal systBP = rndSystBP.Next(50, 90); decimal diastBP = rndDiastBP.Next(80, 130); decimal calcInsulin = rndInsulin.Next(10, 50); var insulin = calcInsulin / 100; Decimal calcA1C = rndA1C.Next(60, 80); var A1C = calcA1C / 10; command.Parameters.Clear(); command.Parameters.AddWithValue("@ID", id); command.Parameters.AddWithValue("@height", height); command.Parameters.AddWithValue("@weight", weight); command.Parameters.AddWithValue("@bmi", bmi); command.Parameters.AddWithValue("@bodyTemp", bodyTemp); command.Parameters.AddWithValue("@bloodSugar", bloodSugar);


command.Parameters.AddWithValue("@systBloodPressure", systBP); command.Parameters.AddWithValue("@diastBloodPressure", diastBP); command.Parameters.AddWithValue("@insulin", insulin); command.Parameters.AddWithValue("@A1C", A1C);

command.ExecuteNonQuery();

} count++; }

catch { Console.WriteLine("Error"); } { Console.WriteLine(row["TABLE_NAME"]); Console.WriteLine(count); } } //foreach (string table in tableList)

Console.ReadLine(); } }}

namespace ConsoleApplicationReadFromDatabase{ class Program { static void Main(string[] args) { SqlConnectionStringBuilder builder = new SqlConnectionStringBuilder(); builder["Server"] = "tcp:gvdy6vstnd.database.windows.net"; builder["User ID"] = "bprajapati@gvdy6vstnd"; builder["Password"] = "Tilasmi1"; builder["Database"] = "General_Database"; builder["Trusted_Connection"] = false; builder["Integrated Security"] = false; builder["Encrypt"] = true;

SqlConnection connectAzure = new SqlConnection(builder.ConnectionString); connectAzure.Open();

            DataTable tableList = connectAzure.GetSchema("Tables");
            StreamWriter wr = new StreamWriter(@"G:\test\test\Time_Taken_To_Read.txt");
            int i = 1;
            foreach (DataRow row in tableList.Rows)
            {
                Stopwatch stopwatch = new Stopwatch();
                stopwatch.Start();
                var model = new List<Patients>();
                string query = "SELECT * FROM " + row["TABLE_NAME"];
                SqlCommand command = new SqlCommand(query, connectAzure);
                SqlDataReader rdr = command.ExecuteReader();
                while (rdr.Read())
                {
                    // A new Patients object per row, so the list does not hold
                    // repeated references to one instance.
                    var x = new Patients();
                    x.ID = Convert.ToInt32(rdr["ID"]);
                    x.Height_m_ = Convert.ToDecimal(rdr["Height(m)"]);
                    x.Weight_kg_ = Convert.ToDecimal(rdr["Weight(Kg)"]);
                    x.BMI = Convert.ToDecimal(rdr["BMI"]);
                    x.Body_Temperature_c_ = Convert.ToDecimal(rdr["Body_Temperature(c)"]);
                    x.Blood_Sugar_Level_mg_dL = Convert.ToDecimal(rdr["Blood_Sugar_Level_mg/dL"]);
                    x.Blood_Pressure_syst_ = Convert.ToInt32(rdr["Blood_Pressure(syst)"]);
                    x.Blood_Pressure_diast_ = Convert.ToInt32(rdr["Blood_Pressure(diast)"]);
                    x.Insulin_Dosage_IE_ = Convert.ToDecimal(rdr["Insulin_Dosage(IE)"]);
                    x.A1C_Level__ = Convert.ToDecimal(rdr["A1C_Level(%)"]);
                    model.Add(x);
                }
                stopwatch.Stop();
                rdr.Close();
                TimeSpan ts = stopwatch.Elapsed;
                string elapsedTime = string.Format("{0:00}:{1:00}:{2:00}.{3:00}", ts.Hours, ts.Minutes, ts.Seconds, ts.Milliseconds);
                wr.WriteLine("Time taken to read record no. " + i + " is " + elapsedTime);
                i++;
            }

            wr.Close();
            Console.ReadLine();
        }
    }
}

using System;using System.Collections.Generic;using System.Linq;using System.Text;using System.Threading.Tasks;using System.Data.SqlClient;using System.IO;using System.Data;using System.Timers;using System.Diagnostics;using System.Text.RegularExpressions;

namespace ConsoleApplicationReadFromDatabaseAES{ class Program { static void Main(string[] args) { SqlConnectionStringBuilder builder = new SqlConnectionStringBuilder(); builder["Server"] = "tcp:gvdy6vstnd.database.windows.net"; builder["User ID"] = "bprajapati@gvdy6vstnd"; builder["Password"] = "Tilasmi1"; builder["Database"] = "General_Database_AES"; builder["Trusted_Connection"] = false; builder["Integrated Security"] = false; builder["Encrypt"] = true;

SqlConnection connectAzure = new SqlConnection(builder.ConnectionString); connectAzure.Open();

            string[] passwordList = File.ReadAllLines(@"password.txt");
            int count = 0;
            DataTable tableList = connectAzure.GetSchema("Tables");
            StreamWriter wr = new StreamWriter(@"G:\test\test\Time_Taken_To_Read_AES.txt");
            int i = 1;
            foreach (DataRow row in tableList.Rows)
            {
                Stopwatch stopwatch = new Stopwatch();
                stopwatch.Start();

                string key = passwordList[count];
                var model = new List<Patients>();
                string query = "SELECT * FROM " + row["TABLE_NAME"];
                SqlCommand command = new SqlCommand(query, connectAzure);
                SqlDataReader rdr = command.ExecuteReader();
                while (rdr.Read())
                {
                    // A new Patients object per row, so the list does not hold
                    // repeated references to one instance.
                    var x = new Patients();
                    //string id = AESDecryptor.Decryptor(rdr["ID"].ToString(), key);
                    x.ID = Convert.ToInt32(rdr["ID"]);

                    // Each field is decrypted with the table's key; the regex keeps
                    // only digits and the decimal point before parsing.
                    x.Height_m_ = Convert.ToDecimal(Regex.Replace((AESDecryptor.Decryptor(rdr["Height(m)"].ToString(), key)), @"[^\d.]", string.Empty));
                    x.Weight_kg_ = decimal.Parse(Regex.Replace((AESDecryptor.Decryptor(rdr["Weight(Kg)"].ToString(), key)), @"[^\d.]", string.Empty));
                    x.BMI = Convert.ToDecimal(Regex.Replace((AESDecryptor.Decryptor(rdr["BMI"].ToString(), key)), @"[^\d.]", string.Empty));
                    x.Body_Temperature_c_ = Convert.ToDecimal(Regex.Replace((AESDecryptor.Decryptor(rdr["Body_Temperature(c)"].ToString(), key)), @"[^\d.]", string.Empty));
                    x.Blood_Sugar_Level_mg_dL = Convert.ToDecimal(Regex.Replace((AESDecryptor.Decryptor(rdr["Blood_Sugar_Level_mg/dL"].ToString(), key)), @"[^\d.]", string.Empty));
                    x.Blood_Pressure_syst_ = Convert.ToInt32(Regex.Replace((AESDecryptor.Decryptor(rdr["Blood_Pressure(syst)"].ToString(), key)), @"[^\d.]", string.Empty));
                    x.Blood_Pressure_diast_ = Convert.ToInt32(Regex.Replace((AESDecryptor.Decryptor(rdr["Blood_Pressure(diast)"].ToString(), key)), @"[^\d.]", string.Empty));
                    x.Insulin_Dosage_IE_ = Convert.ToDecimal(Regex.Replace((AESDecryptor.Decryptor(rdr["Insulin_Dosage(IE)"].ToString(), key)), @"[^\d.]", string.Empty));
                    x.A1C_Level__ = Convert.ToDecimal(Regex.Replace((AESDecryptor.Decryptor(rdr["A1C_Level(%)"].ToString(), key)), @"[^\d.]", string.Empty));

                    model.Add(x);
                }
                stopwatch.Stop();
                rdr.Close();
                TimeSpan ts = stopwatch.Elapsed;
                string elapsedTime = string.Format("{0:00}:{1:00}:{2:00}.{3:00}", ts.Hours, ts.Minutes, ts.Seconds, ts.Milliseconds);

                wr.WriteLine("Time taken to read record no. " + i + " is " + elapsedTime);
                i++;
                count++;
            }

            wr.Close();
            Console.ReadLine();
        }
    }
}

namespace ConsoleApplicationReadFromDatabaseDES{ class Program { static void Main(string[] args) {SqlConnectionStringBuilder builder = new SqlConnectionStringBuilder(); builder["Server"] = "tcp:gvdy6vstnd.database.windows.net"; builder["User ID"] = "bprajapati@gvdy6vstnd"; builder["Password"] = "Tilasmi1"; builder["Database"] = "General_Database_DES"; builder["Trusted_Connection"] = false; builder["Integrated Security"] = false; builder["Encrypt"] = true;

SqlConnection connectAzure = new SqlConnection(builder.ConnectionString); connectAzure.Open(); string[] passwordList = File.ReadAllLines(@"password.txt"); int count = 0; DataTable tableList = connectAzure.GetSchema("Tables"); StreamWriter wr = new StreamWriter(@"G:\test\test\Time_Taken_To_Read_DES.txt"); int i = 1; foreach (DataRow row in tableList.Rows) { Stopwatch stopwatch = new Stopwatch(); stopwatch.Start();

                string key = passwordList[count];
                var model = new List<Patients>();
                string query = "SELECT * FROM " + row["TABLE_NAME"];
                SqlCommand command = new SqlCommand(query, connectAzure);
                SqlDataReader rdr = command.ExecuteReader();
                while (rdr.Read())
                {
                    // A new Patients object per row, so the list does not hold
                    // repeated references to one instance.
                    var x = new Patients();
                    x.ID = Convert.ToInt32(rdr["ID"]);

                    // Each field is decrypted with the table's key; the regex keeps
                    // only digits and the decimal point before parsing.
                    x.Height_m_ = Convert.ToDecimal(Regex.Replace((DESDecryptor.Decryptor(rdr["Height(m)"].ToString(), key)), @"[^\d.]", string.Empty));
                    x.Weight_kg_ = decimal.Parse(Regex.Replace((DESDecryptor.Decryptor(rdr["Weight(Kg)"].ToString(), key)), @"[^\d.]", string.Empty));
                    x.BMI = Convert.ToDecimal(Regex.Replace((DESDecryptor.Decryptor(rdr["BMI"].ToString(), key)), @"[^\d.]", string.Empty));
                    x.Body_Temperature_c_ = Convert.ToDecimal(Regex.Replace((DESDecryptor.Decryptor(rdr["Body_Temperature(c)"].ToString(), key)), @"[^\d.]", string.Empty));
                    x.Blood_Sugar_Level_mg_dL = Convert.ToDecimal(Regex.Replace((DESDecryptor.Decryptor(rdr["Blood_Sugar_Level_mg/dL"].ToString(), key)), @"[^\d.]", string.Empty));
                    x.Blood_Pressure_syst_ = Convert.ToInt32(Regex.Replace((DESDecryptor.Decryptor(rdr["Blood_Pressure(syst)"].ToString(), key)), @"[^\d.]", string.Empty));
                    x.Blood_Pressure_diast_ = Convert.ToInt32(Regex.Replace((DESDecryptor.Decryptor(rdr["Blood_Pressure(diast)"].ToString(), key)), @"[^\d.]", string.Empty));
                    x.Insulin_Dosage_IE_ = Convert.ToDecimal(Regex.Replace((DESDecryptor.Decryptor(rdr["Insulin_Dosage(IE)"].ToString(), key)), @"[^\d.]", string.Empty));
                    x.A1C_Level__ = Convert.ToDecimal(Regex.Replace((DESDecryptor.Decryptor(rdr["A1C_Level(%)"].ToString(), key)), @"[^\d.]", string.Empty));

                    model.Add(x);
                }
                stopwatch.Stop();
                rdr.Close();
                TimeSpan ts = stopwatch.Elapsed;
                string elapsedTime = string.Format("{0:00}:{1:00}:{2:00}.{3:00}", ts.Hours, ts.Minutes, ts.Seconds, ts.Milliseconds);
                wr.WriteLine("Time taken to read record no. " + i + " is " + elapsedTime);
                i++;
                count++;
            }
            wr.Close();
            Console.ReadLine();
        }
    }
}

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Security.Cryptography;

namespace ConsoleApplicationTestAESDecryptor
{
    class Program
    {
        static void Main(string[] args)
        {
            Console.WriteLine("Enter the string to encrypt");
            string x = Console.ReadLine();
            Console.WriteLine("Enter the pass");
            string y = Console.ReadLine();
            string z = Encryptor(x, y);
            Console.WriteLine(z);

            string a = Decryptor(z, y);
            Console.WriteLine(a);
            Console.ReadLine();
        }

        private static string Encryptor(string TextToEncrypt, string strKey)
        {
            // Fixed 16-byte IV: equal plaintexts under the same key give equal ciphertexts.
            string strIV = "0123456789ABCDEF";

            // Turn the plaintext into a byte array.
            byte[] PlainTextBytes = System.Text.ASCIIEncoding.ASCII.GetBytes(TextToEncrypt);

            // Set up the AES provider for our purposes.
            AesCryptoServiceProvider aesProvider = new AesCryptoServiceProvider();

            aesProvider.BlockSize = 128;
            aesProvider.KeySize = 256;
            aesProvider.Key = stringToByte(strKey, 32);
            aesProvider.IV = string2byte(strIV);
            aesProvider.Padding = PaddingMode.PKCS7;
            aesProvider.Mode = CipherMode.CBC;

            ICryptoTransform cryptoTransform = aesProvider.CreateEncryptor(aesProvider.Key, aesProvider.IV);
            byte[] EncryptedBytes = cryptoTransform.TransformFinalBlock(PlainTextBytes, 0, PlainTextBytes.Length);
            return Convert.ToBase64String(EncryptedBytes);
        }

        private static string Decryptor(string TextToDecrypt, string strKey)
        {
            byte[] EncryptedBytes = Convert.FromBase64String(TextToDecrypt);
            string strIV = "0123456789ABCDEF";
            // Set up the AES provider for decrypting.
            AesCryptoServiceProvider aesProvider = new AesCryptoServiceProvider();
            //aesProvider.Key = System.Text.Encoding.ASCII.GetBytes(strKey);
            //aesProvider.IV = System.Text.Encoding.ASCII.GetBytes(strIV);
            aesProvider.BlockSize = 128;
            aesProvider.KeySize = 256;
            aesProvider.Key = stringToByte(strKey, 32);
            aesProvider.IV = string2byte(strIV);
            //aesProvider.Padding = PaddingMode.PKCS7;
            aesProvider.Mode = CipherMode.CBC;

            ICryptoTransform cryptoTransform = aesProvider.CreateDecryptor(aesProvider.Key, aesProvider.IV);
            byte[] DecryptedBytes = cryptoTransform.TransformFinalBlock(EncryptedBytes, 0, EncryptedBytes.Length);
            return System.Text.Encoding.ASCII.GetString(DecryptedBytes);
        }

        // Converts each character of the string to one byte.
        public static byte[] string2byte(string newString)
        {
            char[] CharArray = newString.ToCharArray();
            byte[] ByteArray = new byte[CharArray.Length];

            for (int i = 0; i < CharArray.Length; i++)
            {
                ByteArray[i] = Convert.ToByte(CharArray[i]);
            }
            return ByteArray;
        }

        // Copies the password characters into a fixed-size key buffer.
        // Shorter passwords are right-padded with zero bytes.
        public static byte[] stringToByte(string newString, int charLength)
        {
            char[] CharArray = newString.ToCharArray();
            if (CharArray.Length > charLength)
            {
                // Fail clearly instead of writing past the end of the key buffer.
                throw new ArgumentException("Key is longer than " + charLength + " characters.", "newString");
            }
            byte[] ByteArray = new byte[charLength];
            for (int i = 0; i < CharArray.Length; i++)
            {
                ByteArray[i] = Convert.ToByte(CharArray[i]);
            }
            return ByteArray;
        }
