Abstract: As new and unknown security threats pose life-threatening issues in the medical field, higher levels of security are essential to maintain the integrity, confidentiality and authentication of healthcare records. Thus, this paper presents a unique and innovative authentication model that protects a Cloud-Based Healthcare Information System from various security attacks such as the replay attack, password-guessing attack and keylogger attack. Although the primary goal of the work is to provide a unique and innovative authentication framework, it also satisfies security requirements such as integrity, confidentiality and non-repudiation. The novelty of this approach is that it reduces the cost involved in the authentication process and avoids dependency on external devices for authentication, such as mobile OTP, biometric authentication sensors, etc. The security analysis shows that the proposed scheme is more secure, efficient and cost-effective than the existing authentication schemes. The EPBAS scheme has been implemented using Java 7.0 and Tomcat 7.0.40. An applet client and a servlet program have been developed for client-server communication. AES 256-bit encryption was performed with the help of JCE (Java Cryptography Extension). The cryptographic hash function SHA256 (Secure Hash Algorithm) has been implemented. Hence, the salt must be a minimum of 32 bytes. The secret key is generated from the client's password using the PBKDF2WithHmacSHA1 (Password-Based Key Derivation Function 2 with Hash-based Message Authentication Code Secure Hash Algorithm 1) algorithm.
A. Jesudoss and N.P. Subramaniam, 2016. Securing Cloud-Based Healthcare Information Systems Using Enhanced Password-Based Authentication Scheme. Asian Journal of Information Technology, 15: 2457-2463.
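
The key-derivation and encryption parameters named in the abstract (PBKDF2WithHmacSHA1, a salt of at least 32 bytes, AES 256-bit through JCE), as an added Java example written for a current JDK; it is not the paper's EPBAS code. The iteration count, GCM mode, IV and tag sizes, class name and sample strings are assumptions, since the abstract does not state them.

```java
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class PbkdfAesSketch {                 // hypothetical class name
    static final int SALT_BYTES = 32;         // minimum salt length given in the abstract
    static final int KEY_BITS = 256;          // AES 256-bit, as in the abstract
    static final int ITERATIONS = 200_000;    // assumed; not stated in the abstract
    static final int IV_BYTES = 12;           // assumed (GCM mode is an assumption)
    static final int TAG_BITS = 128;          // assumed

    // Derive the AES key from the password; reject salts below the stated minimum.
    static SecretKeySpec deriveKey(char[] password, byte[] salt) throws Exception {
        if (salt.length < SALT_BYTES) {
            throw new IllegalArgumentException("salt must be at least 32 bytes");
        }
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        try {
            SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
            return new SecretKeySpec(f.generateSecret(spec).getEncoded(), "AES");
        } finally {
            spec.clearPassword();             // drop the spec's copy of the password
        }
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rng = new SecureRandom();
        byte[] salt = new byte[SALT_BYTES];
        byte[] iv = new byte[IV_BYTES];
        rng.nextBytes(salt);                  // fresh random salt per password
        rng.nextBytes(iv);                    // fresh IV per encryption
        char[] password = "constructed-sample-password".toCharArray();

        Cipher enc = Cipher.getInstance("AES/GCM/NoPadding");
        enc.init(Cipher.ENCRYPT_MODE, deriveKey(password, salt), new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = enc.doFinal("constructed record".getBytes(StandardCharsets.UTF_8));

        // Decryption needs the same password and salt to re-derive the same key.
        Cipher dec = Cipher.getInstance("AES/GCM/NoPadding");
        dec.init(Cipher.DECRYPT_MODE, deriveKey(password, salt), new GCMParameterSpec(TAG_BITS, iv));
        System.out.println(new String(dec.doFinal(ct), StandardCharsets.UTF_8));
        Arrays.fill(password, '\0');          // wipe the password from memory
    }
}
```

HMAC-SHA1 yields 160-bit blocks, so deriving a 256-bit key costs two PBKDF2 blocks. On the Java 7 runtime the abstract names, 256-bit AES keys also required the unlimited-strength JCE policy files.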