Secure Medical Data Exchange over the Cloud

Noor A. Muhsin (1), Dr. Emad H. Abood (2)

(1,2) Department of Information and Communication Engineering, Ministry of Higher Education and Scientific Research

Al Nahrain University, Baghdad, Iraq

Abstract: This paper introduces a framework for securing the exchange of medical data on a private cloud composed of three servers distributed at different remote medical institutes. The medical data of an institute can be exchanged among the three servers of the cloud through a Virtual Private Network (VPN). The database is replicated at multiple local and remote virtual servers, and the replicas are updated whenever it is edited from anywhere. The implementation takes place in a real network of three servers in different subnets, each connected to a router, with the routers connected together by a VPN using the Secure Socket Tunneling Protocol (SSTP) provided by MikroTik routers. The setup of the cloud network is based on virtualizing the physical servers into multiple virtual machines using KVM (Kernel-based Virtual Machine) installed on Ubuntu Linux Server 14.04.01. Each institute (represented by multiple virtual machines) is connected to an interface router (MikroTik) which acts as both VPN client and VPN server. Whenever data is transferred from one institute to another, the connection is secured through the tunnel provided by the VPN. Testing of the practical prototype verifies the proposed architecture, where packet sniffing is used to show that the connection is secured.

Keywords: cloud computing, VPN, Tunneling, SSTP

I. Introduction

During the last few years, businesses have been looking for ways to operate efficiently in order to reduce cost and maximize profit. A new computing paradigm, cloud computing, appeared and changed the old ways of computing. It has emerged as an enabling technology that allows the world of Information Technology to use computing resources in a more effective and efficient way [1]. Cloud computing is the latest development of computing models after distributed computing, parallel processing and grid computing. It achieves multi-level virtualization and abstraction through the effective integration of a variety of computing, storage, data, application and other resources, so that users can easily use the powerful computing and storage capacity of the cloud and only need to connect to the network [2].

A virtual private network (VPN) can establish a secure connection across a public network. Nowadays, the common uses of VPNs include securing access to enterprise network resources from remote or insecure locations, connecting distributed resources from multiple sites, and establishing virtual LANs for uses such as multiplayer video games and media sharing over the Internet [3]. The purpose of a VPN is to ensure confidentiality over unsecured network channels from one geographical area to another. This is done using special software, but once a connection is established, interaction with the other resources on the network is handled as if the computer were physically connected to the same network, although this depends on how the security policies are applied [4].

Cloud computing offers many benefits to the healthcare sector, e.g. hospitals and health clinics, which need fast access and large storage that are not supplied by other traditional settings. Many aspects can be developed using cloud computing. Systems that use cloud computing have more security than traditional client-server systems against data breaches.
A secure web-based private cloud system can address the threats to patient data and can offer better physical security compared to traditional client-server computing systems [5].

II. System Design

The architecture of the private cloud in this paper is composed of three physical servers assumed to be distributed in different geographical areas. These servers are connected by routers through the Internet, and the medical data is exchanged among them as shown in Figure 1. In this work, security and privacy are the main concerns because we deal with personal medical data, so a private cloud is proposed and implemented to hold that data.

Figure 1. Private Cloud Branches

The connections among the servers should be secure to protect the data from security threats. The security is implemented using a Virtual Private Network (VPN): the routers are connected to each other by tunnels, so only the three servers (and their virtual servers) can connect and share data securely.

a. Hardware Requirements

  • Servers

The prototype servers used to implement the private cloud are laptops with the specifications shown in Table 1.

Table 1: Physical Servers' Specifications

Name    / Processor     / CPU     / RAM  / Disk   / NIC
Server1 / Intel Core i7 / 2.20GHz / 6 GB / 750 GB / 1
Server2 / AMD Core i3   / 2.20GHz / 4 GB / 500 GB / 1
Server3 / Intel Core i7 / 2.20GHz / 8 GB / 1 TB   / 1

The servers should have Virtualization Technology (VT) enabled.

  • Routers

Three routers are used in the proposed architecture: the MikroTik RouterBOARD RB2011, shown in Figure 2. It has 5 Gigabit Ethernet ports, 5 Fast Ethernet ports and an SFP (Small Form-factor Pluggable) cage; its other specifications are shown in Table 2.

Figure 2. MikroTik Router

Table 2: Router Specifications [6]

CPU               / 600 MHz
Memory            / 64 MB DDR SDRAM, onboard memory
Ethernet          / Five 10/100 Mb Fast Ethernet ports with Auto-MDI/X; five 10/100/1000 Mb Gigabit Ethernet ports with Auto-MDI/X
Power consumption / Max 8 W
OS                / MikroTik RouterOS

b. Software Requirements

The main software requirements are listed and described as follows:

  • The operating system (OS): Ubuntu 14.04 LTS.
  • The virtualization infrastructure dedicated to the Linux kernel, KVM (Kernel-based Virtual Machine), which supports native virtualization on the processors [7]; it is used as the hypervisor (virtual machine manager).
  • The related packages necessary for virtualization, in addition to libvirt, a library used to interface with different virtualization technologies.
  • A LAMP server: Linux, Apache, MySQL and PHP.

III. Network Configuration

a. Servers’ Addressing

In this paper the private cloud contains three servers assumed to be distributed in different locations and on different networks, so each physical server lies in a different IP subnet, as shown in Table 3.

Table 3: Servers' Addressing

Server  / IP address  / Subnet mask   / Gateway        / Broadcast     / DNS
Server1 / 192.168.1.1 / 255.255.255.0 / 192.168.55.254 / 192.168.1.255 / 5.10.227.18
Server2 / 192.168.2.1 / 255.255.255.0 / 192.168.55.254 / 192.168.2.255 / 5.10.227.18
Server3 / 192.168.3.1 / 255.255.255.0 / 192.168.55.254 / 192.168.3.255 / 5.10.227.18

b. Routers’ Addressing

In the proposed architecture the three routers are connected together through a switch (which stands in for the Internet in our work), and each router is connected to a physical server that hosts the virtual machines. Table 4 shows the addresses used for the routers' interfaces. Ether2 connects the router to the switch, which connects the VMs to the Internet, while Ether3 connects the router to its virtual machines. The configuration is done using WinBox, a configuration tool for RouterOS.

Table 4: Addressing of Routers

Interface / Router 1         / Router 2         / Router 3
Ether2    / 192.168.55.31    / 192.168.55.32    / 192.168.55.33
Ether3    / 192.168.1.100/24 / 192.168.2.100/24 / 192.168.3.100/24

IV. VPN Configuration

The distributed servers should be connected together to form the private cloud so that the three institutes can reach each other securely. The proposed solution is a VPN that connects them and prevents any other, unauthorized connection. The VPN therefore has two main functions: connecting the remote branches, and securing the exchange of the medical data.

A site-to-site VPN is built using the tunneling protocols offered by MikroTik routers. They offer several tunneling protocols (such as PPTP, SSTP, OVPN and L2TP), each with its own characteristics.

SSTP (Secure Socket Tunneling Protocol) is chosen to implement the VPN connection. SSTP VPN connections provide confidentiality, integrity and authentication for data. SSTP transports a Point-to-Point Protocol (PPP) tunnel over a TLS 1.0 channel. The use of TLS over TCP port 443 allows SSTP to pass through virtually all firewalls and proxy servers.

SSTP works as follows:

  • The SSTP client establishes a TCP connection to the SSTP server (on port 443 by default).
  • SSL/TLS checks the server certificate, if a certificate is used.
  • SSTP control packets are sent from the client within the HTTPS session and establish the SSTP state machine on both sides.
  • PPP negotiation runs over SSTP: the client is authenticated to the server and IP addresses are bound to the SSTP interface.
  • The SSTP tunnel is then established and packet encapsulation can begin [8].

Figure 3. SSTP Mechanism [8]

To provide a connection between each pair of routers, each router must be an SSTP server while the other two are its SSTP clients, so every router ends up with one SSTP server interface and two SSTP client interfaces, as in Figure 4.

SSTP tunneling is done in three steps:

a) Configure R1 as the SSTP server, with R2 and R3 as SSTP clients.

b) Configure R2 as the SSTP server, with R1 and R3 as SSTP clients.

c) Configure R3 as the SSTP server, with R1 and R2 as SSTP clients.

In step (a), a profile is configured in R1 that specifies the local IP address as 172.16.0.1 and the remote address as an IP pool from 172.16.0.10 to 172.16.0.100. The SSTP server is then enabled, and secrets are added for the SSTP client routers R2 and R3; after that the SSTP client interfaces are added automatically in R2 and R3, or manually if they are not.

The same configuration is done in steps (b) and (c), except for the local and remote addresses of the VPN. Table 5 shows the IPs used for the SSTP profiles. A route from each router to its virtual machines is also added to enable access through the router.

Figure 4. SSTP Tunnel

Table 5: VPN Addresses

Router / Local Address / Remote Address
R1     / 172.16.0.1    / 172.16.0.10-172.16.0.100
R2     / 172.16.2.1    / 172.16.2.10-172.16.2.100
R3     / 172.16.3.1    / 172.16.3.10-172.16.3.100
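The RouterOS console commands below are an added example of step (a), not the paper's own configuration (the paper configures the routers through WinBox). They set up R1 as SSTP server and R2 as one of its clients with the addresses of Tables 4 and 5; the pool, profile, certificate and interface names, the user names and the placeholder passwords are assumptions. The example also adds the routes between each router and the other routers' virtual machines that the text mentions, which on the server side needs each client secret to be given a fixed remote address inside the pool.

```routeros
# Added example (not the paper's configuration): step (a) of Section IV,
# R1 as SSTP server, R2 as SSTP client. The pool, profile, certificate and
# interface names, the user names and the passwords are assumed.

# ============ On R1 (SSTP server, ether2 = 192.168.55.31) ============

# VPN addresses from Table 5: local 172.16.0.1, remote pool 172.16.0.10-100.
/ip pool add name=sstp-pool-r1 ranges=172.16.0.10-172.16.0.100
/ppp profile add name=sstp-profile-r1 local-address=172.16.0.1 \
    remote-address=sstp-pool-r1 use-encryption=required

# One secret per client router. A fixed remote-address (inside the pool)
# lets R1 route to each client's VM subnet below. Passwords are placeholders.
/ppp secret add name=r2 password=CHANGE-ME-R2 service=sstp \
    profile=sstp-profile-r1 remote-address=172.16.0.10
/ppp secret add name=r3 password=CHANGE-ME-R3 service=sstp \
    profile=sstp-profile-r1 remote-address=172.16.0.11

# Enable the SSTP server on TCP 443 (Figure 3, first step). The certificate
# "r1-cert" is assumed to exist already so that clients can verify it
# (Figure 3, second step); mschap2 is the only PPP authentication allowed.
/interface sstp-server server set enabled=yes port=443 \
    default-profile=sstp-profile-r1 certificate=r1-cert authentication=mschap2

# Routes from R1 to the clients' VM subnets (Table 3) via the tunnel peers.
/ip route add dst-address=192.168.2.0/24 gateway=172.16.0.10
/ip route add dst-address=192.168.3.0/24 gateway=172.16.0.11

# If the firewall drops input arriving on ether2, open only the SSTP port.
/ip firewall filter add chain=input in-interface=ether2 protocol=tcp \
    dst-port=443 action=accept place-before=0 comment="SSTP from R2/R3"

# ============ On R2 (SSTP client of R1, ether2 = 192.168.55.32) ============

# Connect to R1's ether2 address (Table 4). verify-server-certificate=yes
# assumes the CA that signed r1-cert has been imported on R2; without it
# the client would accept any certificate presented on port 443.
/interface sstp-client add name=sstp-to-r1 connect-to=192.168.55.31:443 \
    user=r2 password=CHANGE-ME-R2 profile=default-encryption \
    verify-server-certificate=yes add-default-route=no disabled=no

# Route from R2 to R1's virtual machines through the tunnel interface.
/ip route add dst-address=192.168.1.0/24 gateway=sstp-to-r1

# Steps (b) and (c) repeat the server block on R2 (172.16.2.x) and on R3
# (172.16.3.x), and the client block on the other two routers.
```

Two choices matter for the security claim of the paper: `verify-server-certificate=yes` on the client, so that a tunnel is only built to a router holding a certificate signed by the trusted CA, and `use-encryption=required` in the profile, so that a PPP session without encryption is refused rather than silently accepted.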

V. Testing Results of VPN

The goal of this part is to capture and analyze the packets passing among the cloud servers and to check the connections between the remote virtual servers through the VPN tunnel. The analysis is done using the packet sniffer tool provided by the MikroTik router, accessed through WinBox.

The VPN enables the servers in different sites to connect to each other, so if the VPN is working properly the connections exist; if it has a problem or is disabled, no connection is established among the servers. To verify that our VPN works, we capture the active connections from the router in two cases:

  1. SSTP Server Enabled

After configuring the VPN in the routers using SSTP and enabling the SSTP server in all three routers, every virtual server must be able to connect to the other remote and local virtual servers.

Figure 5. Packet Sniffer - VPN Enabled

The packets appearing in a snapshot taken from the packet sniffer at Router3 show the connections between virtual servers, such as the connections listed in Table 6.

Table 6: Connections between virtual servers

Source Physical Server / Source Address / Destination Address / Destination Physical Server
1 / 192.168.1.10 / 192.168.3.10 / 3
3 / 192.168.3.11 / 192.168.2.11 / 2
2 / 192.168.2.11 / 192.168.3.11 / 3
3 / 192.168.3.10 / 192.168.1.11 / 1
1 / 192.168.1.10 / 192.168.3.10 / 3

  2. SSTP Server Disabled

With the SSTP servers in all routers disabled, no connection between any virtual machines appears in the packet sniffer. Figure 6 shows the result of the packet sniffer running in Router2 when all SSTP servers are disabled.

Figure 6. Packet Sniffer - VPN Disabled

As is clear in Figure 6 above, the virtual machines cannot connect to each other when the VPN is disabled. In this way unauthorized connections are prevented, so the data is exchanged safely only among the three institutes.
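The same two-case check, run from the RouterOS console of Router3 instead of the WinBox packet sniffer, as an added example that is not part of the paper. It assumes an SSTP client interface named sstp-to-r1 on Router3, a VM at 192.168.3.10 behind Ether3 and a VM at 192.168.1.10 behind Router1 (the first row of Table 6); `/tool sniffer connection print` is the console form of the connection list the paper photographs in Figures 5 and 6.

```routeros
# Added example (not the paper's own commands): the enabled/disabled check
# of Section V from Router3's console. Assumed: a client interface named
# "sstp-to-r1" on Router3, VM 192.168.3.10 behind ether3 and VM 192.168.1.10
# behind Router1 (Table 6, first row).

# ---- Case 1: SSTP servers enabled ----

# Tunnels on the server side: one dynamic interface per connected client,
# and one PPP session per authenticated client user.
/interface sstp-server print
/ppp active print where service=sstp

# Client-side tunnel status: expect "status: connected" with the
# local/remote addresses of Table 5.
/interface sstp-client monitor [find name=sstp-to-r1] once

# Sniff on ether3 (the VM side) for traffic involving Router3's VM subnet,
# with a bounded capture buffer so the router's memory is not exhausted.
/tool sniffer set filter-interface=ether3 filter-ip-address=192.168.3.0/24 \
    memory-limit=1000KiB
/tool sniffer start
# ... generate traffic from VM 192.168.3.10 to 192.168.1.10 meanwhile;
# a ping from the router itself also crosses the tunnel ...
/ping 192.168.1.10 count=3
/tool sniffer stop

# The connection list is what Table 6 is built from: source/destination
# pairs such as 192.168.3.10 -> 192.168.1.10 appear only while the VPN is up.
/tool sniffer connection print
/tool sniffer packet print

# ---- Case 2: SSTP servers disabled (repeat on all three routers) ----
/interface sstp-server server set enabled=no

# The client interface now reports disconnected, the ping fails because the
# only route to 192.168.1.0/24 is the tunnel, and the sniffer connection
# list no longer contains any remote VM address.
/interface sstp-client monitor [find name=sstp-to-r1] once
/ping 192.168.1.10 count=3
/tool sniffer start
/tool sniffer stop
/tool sniffer connection print

# Re-enable the server when the negative test is finished.
/interface sstp-server server set enabled=yes
```

Checking both the tunnel state and the connection list matters: the connection list alone shows only what was captured during the sniffing window, while `/ppp active print` shows every client currently holding a session, so an unexpected entry there is visible even when no traffic is flowing.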

VI. Medical Records System (MRS)

The MRS offers easy web-based interfaces for interacting with the system; they are described briefly below:

  1. MRS Main Interface

This interface provides access to all the other subsystems. It is implemented as the login portal for the users of the system. This portal lets members access the information they are allowed to access or edit. Each member must provide the login ID and password given to them by the administrator, which provides security for the system. It is shown in Figure 7.

Figure 7. MRS Main Interface

  2. Patient Registration Subsystem

This interface is dedicated to registering patients before they enter the consultation for examination; this is the responsibility of the card recorder, who is registered by the administrator and has a login username and password.

The system returns an error message when a wrong name or password is entered.

After login, he/she can record the patient's information such as name, blood group, medical history and other information, as shown in Figure 8.

This interface also provides searching of the stored patients by ID or name, and finally exit from the system through the logout interface.

Figure 8. Recording Patient Information

  3. Doctors Subsystem

The first step of the consultation interface is the doctor's login using the username and password registered and given by the administrator. After login, the consultant has access to the registered patients' details, where he/she can add the signs, medications and other information after examining the patient. The consultant cannot access all of a patient's information; personal information such as email and phone number is not listed. The system gives the consultant the privilege to search the registered patients by ID or by name, as shown in Figure 9.

Figure 9. Doctor Interface

  4. Administrator Subsystem

Administrators are the only ones who can register the members interacting with the system and manage them. The administrator is responsible for registering new users and giving them privileges to access the MRS using their names and passwords.

The administrator has wide control over the system through access to the following interfaces:

1) Add user: adds a new member to the Medical Record System, giving them the ability to access and interact with the system according to their job. As shown in the figure, the administrator enters the name, password, user type and, for doctors, the medical specialty.

2) Edit users: this interface offers the administrator several options: edit user, delete user, and search for a user by name or ID.

Figure 10. Administrator Subsystem

VII. Conclusions

  1. Implementing a private cloud for the MRS and similar systems can reduce the cost of the hardware and software needed, because multiple institutes make use of shared resources.
  2. The implemented VPN using SSTP allows access to the MRS and its database only to connections through the VPN; any other access attempt is forbidden.
  3. Tunneling protocols such as SSTP, which are used to secure ordinary networks, can be used to secure the connections among the distributed infrastructure of a private cloud.

VIII. Future Works

  1. Develop the proposed system to connect the medical centers of a city together using a private cloud.
  2. Implement a cloud-based medical records system that provides services to patients so they can access their records, receive their appointments and see the results of their tests online.
  3. Develop a cloud-based records system for newborns connecting the hospitals of the whole country, to facilitate the national identity procedure.

References

[1] B. Kwofie, "Cloud computing opportunities, risks and challenges with regard to Information Security in the context of developing countries", Master's thesis, Luleå University of Technology, Ghana, 2013.

[2] Songjie, J. Yao and Chengpeng Wu, "Cloud computing and its key techniques", International Conference on Electronic & Mechanical Engineering and Information Technology, Xiamen University, China, 2011.

[3] A. Avellana, "Comparison of Virtual Networks Solutions for Community Clouds", Bachelor's thesis, KTH Royal Institute of Technology, 2014.

[4] Paulus Kampert, "A taxonomy of virtualization technologies", Master's thesis, Delft University of Technology, 2010.

[5] "Impact of Cloud Computing on Healthcare", white paper, Cloud Standards Customer Council, 2012.

[6] MikroTik RouterBOARD, Product catalog, 2012.

[7] Bhanu P. Tholeti, "Hypervisors, virtualization, and the cloud", IBM, 2011.

[8]