• Health care institutions gather and store sensitive information from patients such as medical test records;
• Patients can not always access their medical records in a secure manner;
• Information systems do not always ensure fine-grained and contextualized access to medical records for relevant staff;
• Lack of connection and access to medical records of different partner institutions, with different infrastructures.

• Provide a secure system to allow safe and confidential access to patient's medical records;
• Ensure authentication and access control to certain resources for authorized personnel;
• Ensure secure interconnection (sending and receiving medical records) between partner health organizations.

• Ensures confidentiality and integrity of medical records;
• Ensures confidentiality and integrity of communications with the web browser;
• Ensure successful authentication of citizens;
• Authenticates citizens in a secure way;
• Ability to change password if citizen is authenticated;
• Authenticated user credentials confirmation sent to email;
• Ensures that only authorized staff and patients have an account;
• Ensures different “roles” have access to different privileges;
• Ensures there is only one account per citizen, using citizen ID card number;
• Prevents access to medical records if the citizen does not have privileges;
• Allows user A to change the privileges of user B, if user A is a system administrator;
• Validates and sanitize form input;
• Uses HTTPS to encrypt communications;
• Stores and manage symmetric and asymmetric keys;
• Defines a restricted set of rules on the firewall;
• Establishes mutual authentication and shares medical records with partner institutions;
• Minimizes the impact of attacks inside the system.

In order to simulate real systems and their interconnection, our solution is based on the development of two systems representing healthcare institutions. A hospital and a partner laboratory. The goal is to have two completely independent and functional healthcare institutions, each with its own data storage system and independent web platform, and simultaneously simulate the sending of confidential patient’s medical records in a secure way from one institution to the other. Authorized hospital and laboratory staff as well as patients will be able to access their respective hospital and laboratory remotely or locally.

Spring Security is a powerful and highly customizable authentication and access-control framework. It is the de-facto standard for securing Spring-based applications. Spring Security is a framework that focuses on providing both authentication and authorization to Java applications. It has features like Comprehensive and extensible support for both Authentication and Authorization. Protection against attacks like session fixation, clickjacking, cross site request forgery, etc...

As you can see, 7 virtual machines running Ubuntu Server were deployed.

• 1 for the router that will simulate the internet;
• 1 for Hospital Server, which will receive the clinical records from Partner Lab Backend;
• 2 for the hospital and laboratory respective frontends;
• 2 for the hospital and laboratory respective backends;
• 1 for local or remote users which will access the frontend servers. To change the location of users on the network, just change the properties of the VM in the hypervisor (VirtualBox, for example). This way we avoid creating multiple VM's for each local and remote user.

For the configuration of the each vm, the hostname, host, credentials, network were configured. For each machine in the laboratory and hospital networks, a static ip was set. The patient (Remote user) is connected via DHCP to the NAT Network. For the router, there were added the hospital network, laboratory network and NAT adapters, so that the communication could flow between the three interfaces.

A user accesses any of the health institution platforms through the HTTPS protocol, thus encrypting the communication and making it secure. Each of the health institutions has a frontend that authenticates a user according to his/her "role", processes, validates, sanitizes form data and makes requests to the api of the respective backend institution to authenticate users, or to fetch a user or a medical/clinical specific information, which then makes a request to the respective database. The connections to the databases, as well as the connections from frontends to backends, use the HTTPS protocol, thus ensuring content integrity and confidentiality

By default, the backends connect to their databases via HTTPS. SSL is configured in the backends application.properties. For the frontends and backends, self-signed certificates were created with the help of the keytool. To establish the HTTPS connection were also configured the application.properties files in the frontends and backends of both institutions.

• Each time a partner Laboratory responsible creates a clinical record, the record is automatically sent to the hospital in a secure and confidential way. To establish this connection, it is necessary to ensure a mutual authentication by both the laboratory and the hospital server;

• When the connection is first requested, the hospital server and the laboratory must both authenticate each other and exchange a symmetric key in order to encrypt the messages that will be sent;

• After the exchange of the symmetric key, the laboratory makes a request to the hospital server, asking if the patient exists in the hospital's database. If the patient exists, the clinical record will be sent and then registered in the hospital's database.

• Each Health Institution is a certifying entity that issues its own certificate. Each of these institutions have an asymmetric key pair, stored in a keystore, which will be used to communicate and establish secure connections and in a truststore the public key of the other service, this is, the hospital backend server has the public key of the laboratory backend. Symmetric keys are generated when establishing a connection between laboratory backend server and hospital server;

• When the connection is first requested by the laboratory, the hospital server sends its signed certificate, so the laboratory can verify its legitimacy. The second step is laboratory is to verify the server legitimacy, in order to do this, the server sends a random string to the laboratory, so that the laboratory can sign that string with its private key and the server can verify the laboratory authenticity by decrypting the same random string using the laboratory public key;

• If the authentication is successful, the laboratory creates a symmetric key that is sent to the laboratory, encrypted with its public key. This key is generated so that the communication is done without overexposing the private keys;

• The symmetric key is temporary and is changed for every medical record that is sent to the hospital server.

• Integrity
• Freshness
• Confidentiality

To prepare the environment it is necessary to import the vms. Please donwload them in following links:

With that done we can procede to import the virutal machines (vms). In order to import the vms you should go to:

• Import, Choose the correct .ova file and import it into virtualbox.

Import all of them and start them in the green button start.

Note You don't need to login in each vm, you just need to start them in the start green button in virtual box. If you want to explore each virtual machine in detail, you can login with the following credentials:

The credentials for each vm are the the same as the hostname, this is, if hostname is hosf, then username is hosf and password is hosf. The root crentials are root:root

Patient Virtual machine credentials:

After logging in, open a browser and it is possible to see two bookmarks:

For hospital:

https://10.0.0.4:8443/

For laboratory

https://10.0.0.104:8443/

Click on any of the bookmarks, and you will be automatically redirected to the hospital and laboratory web pages, respectively. From here you can explore both websites.

• Hospital Frontend 10.0.0.4
• Hospital Backend 10.0.0.5
• Laboratory Frontend 10.0.0.104
• Laboratory Backend 10.0.0.105
• Hospital Backend Server 10.0.0.6

First of all, download the ready to execute folder Medical-Test-Records

Maven and java are required. So, let's install them

We're gonna use maven. The folder is inclued in our project, so ignore this step.

But there are the instructions:

Installing maven, compatible with java 17:

0. Please click here to download maven;

1. Download Binary tar.gz archive: apache-maven-3.8.4-bin.tar.gz;

2. Unpack the archive with tar/unzip;

To run the code in a local linux system java 17 and maven must be installed.

Installation of java 17:

sudo apt install openjdk-17-jre

sudo apt install openjdk-17-jdk

Change java version to the newer one:

sudo update-alternatives --config java

In order to make the correct installation of java 17 follow the following instructions:

0. Download java 17 from here NOTE: for Macbook M1 select "macOS/AArch64";
1. Now go to your Downloads cd Downloads/;
2. Make sudo mv openjdk-17.0.2_macos-aarch64_bin.tar.gz /Library/Java/JavaVirtualMachines/;
3. cd /Library/Java/JavaVirtualMachines/;
4. sudo tar -xzf openjdk-17.0.2_macos-aarch64_bin.tar.gz;
5. sudo rm openjdk-17.0.2_macos-aarch64_bin.tar.gz;
6. export JAVA_HOME=/Library/Java/JavaVirtualMachines/jdk-17.0.2.jdk/Contents/Home.

After the previous installation is complete in your OS, please read the following notes before running.

If you are testing in your local machine, Do not run all jars at the same time. Please note, Hospital and Laboratory frontends are running on port 8443, and their respective backends are also running in port 3000. Due to this, it is impossible to run both Hospital and Laboratory at the same time. It is still possible to run Hospital Backened server, that is running on port 4000, in order to test the custom protocol.

But if you deploy the project in the vms, you can run all at the same time (there is no issue with localhost used ports).

Summary:

• Hospital Frontend: port 8443
• Hospital Backened: port 3000
• Laboratory Frontend: port 8443
• Laboratory Backened: port 3000
• Hospital Backend Server: port 4000

Go to Medical-Test-Records/jars directory and run:

java -jar Laboratory-Frontend.jar

Go to Medical-Test-Records/Code/Laboratory-Backend directory and run:

java -jar Laboratory-Backend.jar

Go to Medical-Test-Records/Code/Hospital-Backend-Server directory and run:

apache-maven-3.8.4/bin/mvn spring-boot:run

Now open your browser in https://localhost:8443/ and enjoy our laboratory system.

Go to Medical-Test-Records/jarsdirectory and run:

java -jar Hospital-Frontend.jar

java -jar Hospital-Backend.jar

Now open your browser in https://localhost:8443/ and enjoy our hospital system.

The credentials to access the hospital and laboratory can be found below.

For deploymend on a live system you should have access to a mongodb database account and a suficient ammount of ram.

For virtualization any hyphervisor should suffice, you just need to be able to create isolated internal networks and and have access to the internet.

For a more isolated control of any possible vulnerabilities, the use of docker could add an extra layer of protection against attacks to the network, this is, it creates an extra difficulty to obtain higher/relevant credentials on the computar that manages the docker/s.

Regarding the system, there is a necessity to create the first admin manually, since the option of creating new user/admins is not available. This is a great advantage in terms of security, but can become a problem in usability, even if it must only be done once.

The Hospital Backend server is able to accept multiple clients (via threads) therefore it possible to easily escalate the system, create multiple laboratories.

Regarding vms and networking, although we had a solution that forwarded all packets from both interfaces via a router, the vms had no internet access, therefore we had to remove the router and put every vm in the same network.