
A Technique for Strengthening Weak Passwords in Electronic Medical Record Systems

  • Conference paper
Foundations of Health Informatics Engineering and Systems (FHIES 2011)

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 7151))


Abstract

The internet has accelerated access to and sharing of electronic medical records (EMRs). EMRs are meant to be confidential and to be accessed or shared only with authorization from the owner. A combination of a UserID and a password is the most widely used mechanism for user authentication and access to EMRs. However, this mechanism has been greatly compromised by the guessing and hacking of weak passwords, leading to increased cases of medical identity theft, cyber terrorism and information systems attacks. This has resulted in false financial claims and debts arising from unauthorized disclosure of private and confidential EMRs, leading to huge losses for the victims. This study developed a technique for strengthening weak passwords that integrates UserIDs, the weaker password, salts, challenge responses and random variables to derive a stronger password for authentication. A system prototype to test the technique was built, tested and validated by users.




Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kalyango, S.T., Maiga, G. (2012). A Technique for Strengthening Weak Passwords in Electronic Medical Record Systems. In: Liu, Z., Wassyng, A. (eds) Foundations of Health Informatics Engineering and Systems. FHIES 2011. Lecture Notes in Computer Science, vol 7151. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-32355-3_13


  • DOI: https://doi.org/10.1007/978-3-642-32355-3_13

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-32354-6

  • Online ISBN: 978-3-642-32355-3

  • eBook Packages: Computer Science, Computer Science (R0)
