1st International ICST Workshop on Connectivity, Mobility and Patients' Comfort

Research Article

Security Analysis and Implementation of Web-based Telemedicine Services with a Four-tier Architecture

Download602 downloads
  • @INPROCEEDINGS{10.4108/ICST.PERVASIVEHEALTH2008.2518,
        author={Amiya K. Maji and Arpita Mukhoty and Arun K. Majumdar and Jayanta Mukhopadhyay and Shamik Sural and Soubhik Paul and Bandana Majumdar},
        title={Security Analysis and Implementation of Web-based Telemedicine Services with a Four-tier Architecture},
        proceedings={1st International ICST Workshop on Connectivity, Mobility and Patients' Comfort},
        publisher={IEEE},
        proceedings_a={CMPC},
        year={2010},
        month={5},
        keywords={multi-tier; telemedicine; vulnerability analysis; ehealth; web based},
        doi={10.4108/ICST.PERVASIVEHEALTH2008.2518}
    }
    
  • Amiya K. Maji
    Arpita Mukhoty
    Arun K. Majumdar
    Jayanta Mukhopadhyay
    Shamik Sural
    Soubhik Paul
    Bandana Majumdar
    Year: 2010
    Security Analysis and Implementation of Web-based Telemedicine Services with a Four-tier Architecture
    CMPC
    IEEE
    DOI: 10.4108/ICST.PERVASIVEHEALTH2008.2518
Amiya K. Maji1,*, Arpita Mukhoty1,*, Arun K. Majumdar1,*, Jayanta Mukhopadhyay1,*, Shamik Sural1,*, Soubhik Paul1,*, Bandana Majumdar1,*
  • 1: Indian Institute of Technology Kharagpur, India
*Contact email: amiya@cse.iitkgp.ernet.in, amukhoty@cse.iitkgp.ernet.in, akmj@cse.iitkgp.ernet.in, jay@cse.iitkgp.ernet.in, shamik@cse.iitkgp.ernet.in, spaul@cse.iitkgp.ernet.in, m_bandana@cse.iitkgp.ernet.in

Abstract

Security of Telemedicine applications is not often given adequate importance by the developers and healthcare administrators primarily to reduce cost. Though some security safeguards are employed by these applications to comply with existing medical data security and privacy regulations, these are not adequate in today’s context. Moreover, in a web-based application environment not only the data but also the application itself is vulnerable to attackers. Keeping these concerns in mind, we present the design of a web-based, four-tier Telemedicine System named iMedik which is accessible over desktops as well as handheld devices. We have illustrated how the proposed system differs from existing three-tier web applications. The compliance status of the application with HIPAA Security Guidelines has also been noted. The security measures described in our approach look into the four-tier architecture from an attacker’s viewpoint and present a simple road map for developing secure e-health application with anywhere, anytime availability. Keywords