A New Security Model using Multilayer Approach for E-Health Services

Abstract

Problem statement: Delivering services online is important in e-health. Services that are delivered through online communications between engaging parties, often involve sensitive information transmitted over the Internet. However, while the Internet successfully facilitates these services, significant threats also come in parallel. Network attacks, information breaches and malicious software on a computer system are common threats to the Internet. These threats can cause severe damage to computer systems and also the information. As we study current security technologies particularly that provide security to online communications, we found out that these technologies do not cater for different kinds of security needs because of the rigid way the security mechanisms are constructed. Therefore, we are interested in developing a security model that facilitates these needs, specifically in e-health. Approach: First, the area where different security requirements are needed are explored, such as the information classification found in ISO17799. This classification is based on the sensitivity levels of the information, where the more sensitive information requires higher security measures compared to the less sensitive information. Then, the information classification is applied to the e-health environment, so that our security model can handle the security processes for each classification. Results: The multilayer communication approach or MLC is the proposed security model. MLC classifies communications in e-health into five categories: Layer 1 to Layer 5 representing extremely sensitive, highly sensitive, medium sensitive, low sensitive and no sensitive data. This classification refers to the different sensitivity of the information exchanged during communications. For example, Extremely Sensitive communication involves exchanging extremely sensitive information, which requires highest security mechanisms, while Low Sensitive communication requires lower security mechanism. Conclusion: MLC provides five different types of security needs, where users can flexibly choose their own security preferences for their online communications, which the current technologies are lacking.