Abstract
The internet has accelerated access to and sharing of electronic medical records (EMRs). EMRs are meant to be confidential and to be accessed or shared only with authorization from the owner. A combination of a UserID and a password is the most widely used mechanism for user authentication and access to EMRs. However, this mechanism has been greatly compromised by guessing and hacking of weak passwords, leading to increased cases of medical identity theft, cyber terrorism and information systems attacks. This has resulted in false financial claims and debts due to unauthorized disclosure of private and confidential EMRs, leading to huge losses for the victims. This study developed a technique to strengthen weak passwords that integrates UserIDs, weaker passwords, salts, challenge responses and random variables to derive a stronger password for authentication. A system prototype to test the technique was built, tested and validated by users.
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kalyango, S.T., Maiga, G. (2012). A Technique for Strengthening Weak Passwords in Electronic Medical Record Systems. In: Liu, Z., Wassyng, A. (eds) Foundations of Health Informatics Engineering and Systems. FHIES 2011. Lecture Notes in Computer Science, vol 7151. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-32355-3_13
DOI: https://doi.org/10.1007/978-3-642-32355-3_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-32354-6
Online ISBN: 978-3-642-32355-3
eBook Packages: Computer Science (R0)