Mobile Medical Records. Project Proposal

Transcription

1 Mobile Medical Records Project Proposal Paul Brittan Shelley-Ann Petzer

2 Table of Contents 1. Project Description Problem Statement Research Aims The performance comparisons of encryption algorithms The performance comparisons of compression algorithms Comparison of storing medical records on the internal memory of the cell phone as opposed to a microsd card The transmission medium between the cell phone and a medical database The importance of the problem Procedures and methods Development environment System design Implementation strategy Expected challenges Performance testing Ethical, professional and legal issues Related Work Anticipated Outcomes System Expected impact Key success factors Project Plan Risks Timeline Required resources Deliverables Milestones Work allocation References Appendix A

3 1. Project Description The project aims to investigate the storage of medical records on cell phones. The original idea for this project was proposed by Simelela, an NGO dealing with rape victims, in which the aim was to aid these victims with revealing certain medical information when reporting their case by storing their medical records on a cell phone. Over and above this, patients in developing countries are often responsible for storing and transporting their own paper-based medical records, which can lead to a loss or damage of these documents. Therefore storing these records on a cell phone will make the process more convenient for both patients and medical practitioners. When developing applications for cell phones, it is important to be aware of and deal with the restrictions on the capabilities of these devices [Burgsteiner and Prietl 2008]. In particular the focus will be on encrypting and compressing the medical records for storage on a cell phone as well as for transmission to and from a medical database. This will be done by implementing various compression and encryption algorithms and comparing their performance when executed on a cell phone. 2. Problem Statement Cell phones are becoming ubiquitous and their use for storing documents and running applications that would usually be done on a desktop computer is increasing. This is also observed particularly in developing areas where access to more advanced technology is limited. A cell phone is therefore the perfect tool in terms of its diversity for creating an application that allows a patient to store and manage their own medical records. However cell phones create issues when it comes to ensuring the privacy of the medical record as well as challenges related to the resources limitations. In order to understand and overcome the issues surrounding the concept of mobile medical records, specific research questions will need to be addressed. 2.1 Research Aims The two major research aims that this project will be addressing involve the performance comparisons of both compression and encryption algorithms The performance comparisons of encryption algorithms Due to the limitations of a cell phone, it is important to analyse the performance of the encryption algorithms in order to find the most suitable choice for securing a medical record on a cell phone. This will involve the analysis of several algorithms in order to find an algorithm that maximises the security that it provides whilst minimising the resources required by the cell phone The performance comparisons of compression algorithms Similarly with compression algorithms, the most suitable choice for compressing a medical record on a cell phone must be found. This will involve the analysis of several algorithms in order to find an algorithm that reduces the storage space required by the cell phone whilst minimising the resources that it requires Granularity of the medical records Patients need to have control that will allow them to selectively show only parts of their medical record at any given time. The medical record will therefore need to be broken up into separate components to allow for partial access before compression and encryption can take place. 2

4 2.1.4 Comparison of storing medical records on the internal memory of the cell phone as opposed to a microsd card Medical records and other personal information need to be stored within the limited resources of cell phones. Ideally the records should be stored on the internal memory of the cell phone. This way the records can t easily be transferred from one phone to another without the user s knowledge and can only be accessed by someone with the correct permission. For the medical records to be stored in internal memory, they would need to undergo a series of lossless data compressions so that they can be stored within the limited storage space available on cell phones. These compressions are computationally intensive [Barr and Asanovic 2006] and may exceed the processing power on standard cell phones. Research will need to be conducted in order to see if using internal memory is a feasible option. If internal memory storage is not successful, another approach will be to investigate storing the records on a mircosd card in the cell phone. With the advances in mobile technology, the available memory on mircosd cards is sufficient for storing the records at a low cost The transmission medium between the cell phone and a medical database The medical record will need to be transmitted between the cell phone and a medical database to ensure that the record remains up to date and to allow the medical practitioner to gain access to the record. The aim is to investigate the strengths and weaknesses of using both Bluetooth technology and wireless networks for transmission. Bluetooth would be ideal since it is a much more accessible technology. It is also highly unlikely that a clinic in a developing area would have access to a wireless network. However research will need to be conducted in order to determine if Bluetooth is a feasible means of transmitting sensitive data such as medical records. 2.2 The importance of the problem This problem is important since the provision of mobile medical records, particularly in developing countries, will alleviate the problem of paper-based records. It will also create a convenient means for patients to have full control over their records as well as be able to easily share their medical record with medical practitioners. The treatment of certain diseases requires a patient's full medical history and therefore there exists a need for efficiently storing and retrieving such information so that medical practitioners can make accurate diagnoses. The medical record must also remain private and it is therefore important to determine the performance of different encryption algorithms so that the best security solution can be provided within the limitations of the cell phone. Similarly, the compression of the medical record is important since it is destined to grow over time and needs to be stored within the limited memory that is available on a cell phone. Therefore measuring the performance of different compression and encryption algorithms is also important. Reporting the findings for these performance tests will also aid in other research areas where such performance measurements are relevant. 3

5 3. Procedures and methods 3.1 Development environment The system will be implemented on mid-tier cell phones such as the Symbian S40 and Samsung e250. This type of device was selected for the reason that the application will mainly be deployed in developing areas where there is a low income rate. These devices are affordable and provide the needed specifications to run the complex encryption and compression algorithms that are necessary. For programming the application we will be using J2ME, which allows us to use Java and the J2ME wireless toolkit to create our application for mobile devices. 3.2 System design The system was designed to have two separate components. The first part deals with security and involves securing the transmissions between the medical database server and the cell phone. This will also involve encrypting and decrypting the data on the cell phone. This part of the project is highlighted green in the figure below. The second component involves compressing and decompressing the records on the cell phone and then efficiently storing these records in memory. This part of the project is highlighted blue in the figure below. The components are designed to be as separate as possible and therefore linked only by data that is passed between them. Figure 1. The system diagram displays the separate components of the project that will be implemented by the group members. 4

6 3.3 Implementation strategy Since the components for this project are separate we will work on implementing each component as a stand-alone function. For security, the first step will be to find an optimal encryption algorithm that can be executed on a cell phone. This will then be used to encrypt and decrypt the medical record data. The next step will then be to secure the transmission of data between the cell phone and the medical database. With regard to the compression component, the first step is finding a compression algorithm that provides lossless data compression within the limited resources on a cell phone. The next step would then be to develop this component to be able to compress the medical record data on a cell phone. After the two stand-alone functions have been created and tested, we will integrate the two components together into one application for final testing. The interface for the system will be rudimentary and primarily for testing purposes since the main aim of the project is to investigate a back-end solution. 3.4 Expected challenges A major challenge for this project will be creating reasonable goals. Being new to the field it is going to be a challenge estimating how long certain tasks are going to take. This may result in the underestimation of the complexity of certain tasks and therefore fewer days than what is needed being assigned to complete the tasks. This will cause the project to fall behind schedule. One of the main goals for this project is testing the performance of our application on different types of cell phones. The challenge we have due to using mid-tier mobile phones is that there is no simple application to monitor system performance which means we need to devise a way of monitoring the resource usage of the phone when running the application. This project will involve complex algorithms for both encryption and compression systems therefore another challenge will involve understanding the concepts behind these algorithms in order to find the most efficient algorithm given the limitations of a cell phone. 3.5 Performance testing The performance of the encryption algorithms will be analysed according to the level of security that they provide in comparison with their use of the resources on the cell phone. Similarly, the performance of the compression algorithms will be analysed according to their ability to reduce the size of the data without the loss of any detail in comparison with their use of the resources on the cell phone. Ideally we would like to obtain measurements that will be used to compare the performance of each algorithm. Measurements such as: Execution time CPU usage Memory usage But as mentioned in section 3.4, there is no simple application to monitor the system. We can monitor the execution time by printing out the system s start and finish time to a log file. In order to be able to test the performance of our application we plan on implementing something similar to what was done in [Wang and Manner 2009], in which we will monitor the voltage level of the battery to determine how much power is used in running our application. 5

7 The purpose of this will be to determine how much power went to processor to complete the task by measuring the amount of power that was lost in the battery. Less battery usage implies that the processor ran for a shorter amount of time and since the cell phones will have similar specifications, we can then compare the results. The algorithms will also be tested using different data block sizes in order to determine the rate at which the performance of the algorithms changes as the size of the data increases. After the algorithms have been sufficiently tested, as an extension we aim to investigate the performance of the software on different cell phones. The aim here would be to compare different phones with the same specifications as well as different memory card types in order to see if our application yields different results on different hardware. 4. Ethical, professional and legal issues Our project will not require ethics clearance as we will not be performing user based testing. There are legal and ethical issues associated with the use of real medical record data since this must remain confidential. In order to overcome these issues we will be using anonymised medical record data that will be obtained from postgraduate students who are currently doing research in this field. These records will be used for the purposes of developing the system and testing the performance of various encryption and compression algorithms. In terms of intellectual property rights, the results from the research and performance measures will be released under an open source licence so that other researchers are able to benefit from the findings. 6

8 5. Related Work Recently it has been demonstrated that in terms of public key cryptography, the elliptical curve cryptography (ECC) algorithm not only requires less computational power but also provides security that is comparable to the Rivest, Shimar and Alder (RSA) algorithm [Misic 2008]. The secret with ECC lies in the computational complexity with which the keys are generated thus making it more challenging to break the algorithm even though the size of the keys are smaller compared to the keys used for RSA. The Advanced Encryption Standard (AES) algorithm has been shown to require only a small amount of computational power whilst providing a secure means of encryption compared to other symmetric key cryptography algorithms [Lisonek and Drahanský 2008]. A recent performance evaluation of several symmetric encryption algorithms conducted by [Elminaam et al. 2010] shows that the Blowfish algorithm outperforms all the rest including the AES algorithm. The performance tests were conducted to analyse both throughput and time consumption for each algorithm on various file types and sizes. Lossless data compression applications can fail when compressing certain files, if the application struggles to find a repeated pattern [Wang and Manner 2009]. The figure below shows the compression ratio and the time it takes to compress a file that already has a compact format. Figure 2. Comparison of different compression programs with corresponding compression times [Wang and Manner 2009]. 6. Anticipated Outcomes 6.1 System At the end of the project we expect to have created an application that will allow for the storage, management and maintenance of medical records. The system will be capable of storing a compressed and encrypted medical record on a cell phone as well as transmitting the medical record securely between a cell phone and a medical database. 7

9 6.2 Expected impact The expected results for this project will consist of a system that is able to securely store a medical record on a cell phone. The system will also allow the medical record to be securely transmitted between the cell phone and a medical database. Since the main research component consists of comparing the performance of both encryption and compression algorithms, we expect to find a combination of these algorithms that is most efficient and cost effective for implementation on a cell phone. Since this is an important problem and will aid in the management of medical records, the system will make a difference to patients in developing areas that are currently responsible for managing their own medical records. The project will also have an impact on the lives of medical practitioners working in clinics that are in developing areas as they will be able to make more accurate diagnoses if the patient s medical records are up to date and well managed. Another important outcome of this project will be a report of the findings in terms of performance for both encryption and compression algorithms that could be used for future research purposes. 6.3 Key success factors The success of the project will be judged by the three components. Firstly, the ability to store the medical record on the cell phone using the best possible medium of storage, whether it be using microsd cards or the internal memory of a cell phone. Secondly, to create a prototype that efficiently encrypts and compresses the medical records on the mobile phone within the limited resources available and finally, to secure the transmission between the medical database and the patient s cell phone that is both efficient and cost effective. 7. Project Plan 7.1 Risks Failure to meet project milestones If this becomes a regular occurrence it is likely that the project will not meet the necessary requirements and end up being a failure. Severity: High Likelihood: Medium Mitigation: Milestones must be monitored on a weekly basis to ensure that the project does not fall behind schedule. Meetings with the supervisor to present work that has been completed will help to keep the project on track. In the event that the project falls behind schedule, both members of the team will need to do extra work to gain lost time. Hardware failure Since the core of the project involves the use of a cell phone, if the device fails then this could result in delays for both implementation and performance testing. Severity: High Likelihood: Medium Mitigation: The project will require another cell phone as a backup device in the event that the original device fails. The cell phone will need to be the same as the original device to maintain the consistency of the implementation and performance testing thus far. 8

10 Group member becomes unavailable In the event that one of the team members becomes unavailable to the project, this could result in failure to meet the project milestones and ultimately result in the project falling behind schedule. Severity: High Likelihood: Low Mitigation: The project has been designed in such a way that each group member has been allocated a separate area of research and implementation. The separation of the project will allow one group member to continue on with their work should the other group member become unavailable. Failure to find a means of measuring performance This is one of the major research aims for this project and therefore failure to find an effective means of testing the performance of different compression and encryption algorithms could cause the scope of the project to change. Severity: High Likelihood: Medium Mitigation: A paper detailing a way of monitoring battery usage during compression that was found can aid us in adopting a similar technique to measure performance if all else fails. Further research will therefore need to be conducted in this area. 7.2 Timeline Refer to the Gantt Chart in Appendix A. 7.3 Required resources Equipment Cell phones: At least two cell phones will be required in the event that one of them fails and at least two different types of cell phone for performance testing purposes. MicroSD cards: These will be used to determine the best possible storage medium along with the internal memory on the cell phone. Bluetooth USB device: This will be required to test the transmission of the medical record from the cell phone to the medical database. A device is needed as the existence of Bluetooth on a desktop computer is not guaranteed. Medical database: A database containing anonymised medical record data will be required. Software Java J2ME: This will be used for developing the prototype on the cell phone. 9

11 7.4 Deliverables The following table details the deliverables for the project: Table 1. Project Deliverables Prototype: Initial feasibility demonstration Background/Theory Chapter Design Chapter First implementation Final implementation Chapters on implementation and testing Outline of complete report First complete draft of report Final report handin Poster Project web page Individual reflection paper July 29 July 29 August 19 September 28 September 03 October 10 October 24 October 31 October 03 November 07 November 11 November 10

12 7.5 Milestones The following table details the milestones for the project: Table 2. Project Milestones Milestone Due date Project Proposal 19 May Presentation of project proposal 26 May Project web presence (including proposal, timeline, plan) 14 June Prototype: Initial Feasibility Demonstration 25 July Background chapter done 29 July Design chapter done 29 August First implementation of algorithms and performance testing with write up 19 September Final implementation and performance testing with write up 28 September Final implementation and coding complete 03 October Chapters on implementation and performance testing 03 October Report outline: chapter and major section headings 10 October Final report draft 24 October Report final handin 31 October Poster due 03 November Final Project web page 07 November Individual reflection paper 11 November Final project presentation November 11

13 7.6 Work allocation Each group member has a separate section of the overall workload allocated to them. Paul Brittan will be implementing the storage of the medical record on the cell phone as well as investigating and reporting on the performance of various compression algorithms. Shelley Petzer will be implementing the two way transmission of the medical record between the medical database and the cell phone as well as investigating and reporting on the performance of various encryption algorithms. 12

14 References BARR, K, C. AND ASANOVIC, K Energy-Aware Lossless Data Compression. In ACM Transactions on Computer Systems, 24 (3), ACM New York, NY, USA, BURGSTEINER, H., AND PRIETL, J A Framework for Secure Communication of Mobile E- health applications. In Medical Informatics meets ehealth, ELMINAAM, D. S. A., KADER, H. M. A., AND HADHOUD, M. M Evaluating The Performance of Symmetric Encryption Algorithms. In International Journal of Network Security, 10 (3), ELMUFTI, K., WEERASINGHE, D., RAJARAJAN, M., RAKOCEVIC, V., AND KHAN, S Privacy in Mobile Web Services ehealth. In Proceedings of Pervasive Health Conference and Workshops 2006, 1-6. LISONEK, D. AND DRAHANSKÝ, M SMS Encryption for Mobile Communication. In SECTECH '08: Proceedings of the 2008 International Conference on Security Technology, IEEE Computer Society, Washington, DC, USA, MISIC, J Traffic and Energy Consumption of an IEEE network in the presence of authenticated, ECC Diffie-Hellman ephemeral key exchange. In Computer Networks Journal, 52 (11), WANG, L., AND MANNER, J Evaluation of data compression for energy-aware communication in mobile networks. In CyberC '09: Proceedings of the International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery, IEEE Press,

15 Appendix A The following is a Gantt chart for the project. Figure 3. Gantt Chart Paul Brittan Shelley Petzer Both 14