
Proceedings of the 2011 IEEE Systems and Information Engineering Design Symposium, University of Virginia, Charlottesville, VA, USA,

April 29, 2011

FridayPM2Applications.3

System Level Design of a Secure Healthcare Smart Card System


Merve Oksar and Berna Ors and Gokay Saldamli

Abstract: A smart card-based healthcare system has several advantages over conventional paper-based systems in terms of security, privacy and portability. In this study, a secure health care smart card system was designed and simulated. The goal of the project is to design a smart card system which will meet the major requirements of a healthcare identity system. The main features of the proposed system are data storage and secure data transfer. The system is a heterogeneous system with hardware and software components, and it was designed using electronic system-level design methodology (ESL) with a top-down approach. It consists of cryptographic primitives, a central processing unit and memory blocks. RSA and AES are used for key share and encryption, respectively. An LFSR is employed to generate pseudo-random numbers which are used for calculating keys. We have used Aldec Active-HDL Student Edition to develop the system and perform mixed-language simulations. We have functionally verified the system using Active-HDL.

I. INTRODUCTION

Smart cards are used for a wide range of purposes including identification, telecommunication and payment. Citizen identification cards, bank cards and subscriber identity module (SIM) cards are some examples of smart card applications. Smart cards are deployed in health care applications, too. A smart card-based health care system has several advantages over the conventional paper-based system [1], [2]. Identification and authentication improve privacy and security. They help prevent unauthenticated devices or persons from accessing personal data of the card holder. Smart cards are portable devices, so they have limited memories due to their limited area resources. However, essential information about the card holder's medical situation, such as allergies and blood type, can be stored in the card memory. This information can be life-saving in case of emergency. A smart card-based health care system is also efficient for reducing the cost of health care services and preventing medical fraud. The National Health Care Anti-Fraud Association (NHCAA) estimates that $68 billion was lost due to health care fraud in the United States in 2007 [3]. The Smart Card Alliance lists the driving factors of smart card use in health care systems as patient identification and authentication, matching patients to their particular data, security and access control, and synchronizing data from disparate sources [1].

Smart card-based health care systems consist of smart cards for patients and health care employees, a network, a database, servers and card readers. In this study, we have designed the smart card and the card reader of the system. Our goals were using the card as a storage device and providing secure communication between the card and the reader. We have adopted a hardware-software co-design methodology with a top-down approach to model the system.

This paper is organised as follows. In Section II, we provide brief information about previous work. In Section III, we describe the cryptographic mechanisms we used. We introduce the design tools and methodology in Section IV. In Section V, we talk about the proposed system with its components. Finally, we discuss simulation results and conclusions.

II. PREVIOUS WORK

Smart cards are widely used around the world in identification and health care applications. Slovenian Health Insurance Cards, Sesam-Vitale and Taiwan National Health Insurance Cards are some successful examples of smart cards which are being used for national health care services [1]. The smart card-based national health care program in Algeria provides personal identification number (PIN) code-protected smart cards for security purposes [4]. Patients are authenticated by their PIN codes, while health care employees use their USB keys to access the database.

The NETLINK Project, which is funded by the European Commission, establishes recommendations and technical specifications to ensure interoperability between Information Systems based on the use of smart cards for patients and health professionals, networks and security architectures, as stated in the NETLINK Project Presentation [5]. In [6], symmetric-key algorithms for message encryption and public-key mechanisms for key distribution are recommended by NETLINK. In our design, we have used a symmetric-key structure for encryption/decryption and a public-key cryptosystem for key distribution.

Thomas et al. proposed a hardware-software co-design methodology in their article [7]. In this methodology, a hardware-software system is functionally described and tested with co-simulation. In the next step, hardware-software partitioning is done considering performance criteria and technology. Finally, the software and hardware components of the system are specified. In this project, we have adopted this design methodology, modelled a hardware-software system and performed co-simulation.

Manuscript received: February 21, 2011. Final version received: April 4, 2011. This study is funded by TUBITAK research projects No: 109E180 and No: 110E172. Merve Oksar and Berna Ors are with Istanbul Technical University, Faculty of Electrical Electronics Engineering, Maslak, Istanbul, oksar@itu.edu.tr, siddika.ors@itu.edu.tr. Gokay Saldamli is with Bogazici University, The School of Applied Disciplines, Bebek, Istanbul, Turkey, gokay.saldamli@boun.edu.tr

978-1-4577-0447-5/11/$26.00 2011 IEEE


III. MATHEMATICAL BACKGROUND

Objectives of cryptography are confidentiality, data integrity, non-repudiation and authentication [8], [9]. The two types of cryptographic techniques are symmetric-key and public-key cryptography. In symmetric-key cryptography, the sender and receiver of a message use the same encryption key k with encryption algorithm E and decryption algorithm D. Thus they have to agree on a shared, secret key in a secure way. This problem is solved through public-key cryptography methods. In symmetric-key cryptography, block ciphers process plaintexts of fixed length, while stream ciphers process plaintexts character by character. Stream ciphers encrypt plaintexts of arbitrary lengths. The cryptographic primitives we have used in our design are introduced in the subsections below.

A. AES

The Rijndael cipher is a symmetric-key scheme and it was selected to be the Advanced Encryption Standard (AES) by the National Institute of Standards and Technology in 2000 [8]. AES is an iterated block cipher and it supports different block sizes. The iterations are called rounds and the number of rounds depends on the key size. In our design, we have used 128-bit key size and 128-bit block size. A 128-bit block is encrypted in 10 rounds using a 128-bit key. After the initial round key addition, the round function is executed 8 times. In the final step, a modified round function is executed. The round function consists of the SubBytes, ShiftRows and MixColumns steps and an addition of the round key.

B. RSA

In 1976, Diffie and Hellman published the idea of public-key cryptography [10]. Rivest, Shamir and Adleman invented the RSA public-key cryptosystem [8]. RSA can function as a key agreement mechanism, a digital signature and an encryption mechanism. In RSA, two large prime numbers p and q are multiplied and their product n is calculated. p and q are kept secret and called the private key. n is part of the public key. The basic idea is that the factors of n cannot be recovered from n. In our design, we have used RSA for key agreement.

C. LFSR

Linear feedback shift registers are widely used in keystream generators [9]. An LFSR is a shift register whose input bit is the output of a feedback polynomial. The feedback polynomial is a linear function of certain bits of the register. Once a seed value is loaded into the LFSR, it generates a pseudo-random bit sequence with every clock signal. The period length of the pseudo-random number sequence depends on the feedback polynomial. For security purposes, a maximal-length feedback polynomial should be used. We have used an LFSR to generate random numbers for the key agreement mechanism.

IV. DESIGN ENVIRONMENT

In this section, we introduce the design methodology and tools we used.

A. Design methodology

In this study, we have designed a heterogeneous system consisting of hardware and software components. We have adopted electronic system-level design methodology (ESL) [7], [11], [12] with a top-down approach. We have designed the complete system as a block diagram with its components. Then we have modelled the submodules of the system using VHDL and SystemC [13], [14], [15].

B. Design tools

We have used Aldec Active-HDL to design and simulate the proposed system. Active-HDL is an integrated FPGA design and simulation tool which supports mixed-language simulation [16]. We have performed VHDL-SystemC co-simulation using Active-HDL.

V. PROPOSED SYSTEM

In this section, the proposed system will be discussed. We have designed a secure health care smart card system [1], [2], [17], [18], [19], [20], [21], [22], [23], [24], [25] which would perform the tasks below:

- When the card receives a communication request from the card reader, the card and the reader share a key to establish a secure communication channel.
- The card stores personal and medical information about its holder.
- The card encrypts the data requested by the reader using the key and sends it to the reader.

We have used public-key cryptography for the session key generation as well as symmetric cryptography for encryption. We have designed the system as a block diagram with its components as shown in Figure 1. Then we have designed the submodules using VHDL and SystemC. The system consists of a central processing unit, a pseudo-random number generator, an RSA [8], [9], [17], [26], [27] block, an AES [8], [17], [28], [29] block and SystemC-VHDL interfaces. In this section, we will talk about those submodules of the smart card system and their tasks.

A. Central processing unit (CPU)

The central processing unit of the card communicates with the reader and the other submodules of the card. When the card is about to send data to the reader, the CPU sends a seed value and a start signal to the random number generator. Then the random number which will be used in the Diffie-Hellman key exchange [10] is retrieved. The CPU sends the random number x, base a and prime number n to the RSA module to calculate the modular exponentiation shown in Eq. (1). Both the card and the reader execute modular exponentiation twice to agree on the key.

$$K_c = a^x \bmod n \qquad (1)$$

Key exchange between the card and the reader is done as shown in Figure 2 [10]. A new key is generated for every session and the same key is used for encryption during the relevant session. The CPU sends a start signal, the message which will be sent to the reader and the key to the AES module; finally it retrieves the encrypted data and sends it to the reader. The CPU source code was written in SystemC.

Fig. 1. Block Diagram.

Fig. 2. Diffie-Hellman Key Exchange Between the Card and the Reader.

B. Pseudo-random number generation (LFSR)

A linear feedback shift register [9], [30], [31], [32] was implemented and used as a pseudo-random number generator. The feedback polynomial of the 128-bit LFSR, using the exclusive-OR logic operation, is shown in Eq. (2). R(0) is the least significant bit of the register while R(127) represents the most significant one.

$$R(0) = R(127) \oplus R(125) \oplus R(100) \oplus R(98) \qquad (2)$$

If the LFSR seed value, the feedback polynomial and the number of clock cycles until the random number is created are known, the random number can be calculated. A different seed value can be used each session to prevent the LFSR from generating the same output for every session.

C. Key exchange (RSA)

Bayhan's RSA design [27] was used in this study. The RSA module, which was modelled in VHDL, was used to perform modular exponentiation. The RSA block calculates modular exponentiation twice in a session. When RSA receives the base number, exponent, prime number and start signal from the CPU, it calculates Kc in Figure 2. With the second start signal, it receives Kr in Figure 2 as the base number with the same exponent and prime number. Finally, it outputs the session key. Both the card and the reader perform the same tasks to calculate the session key.

D. Encryption and Decryption (AES)

Ordu's Advanced Encryption Standard (AES) design [29] was implemented in the project. The AES module was used for data encryption in the card. When the AES block receives the key, plaintext and start signal as input from the CPU, it encrypts the plaintext and outputs the encrypted data, called ciphertext. An AES decryptor was used in the card reader to extract the plaintext from the ciphertext.

E. SystemC-VHDL Interfaces

SystemC-VHDL interfaces are used to connect the modules written in SystemC and VHDL which have different lengths of inputs and outputs. Figure 3 shows a flow diagram of the operations performed by the card and the reader when a data transfer is done.
Fig. 3. Flow Diagram.
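The following sketch models the LFSR of Eq. (2) feeding the key exchange of Figure 2, and shows why the seed has to be treated as a secret: whoever knows the seed and the cycle count can recompute the exponent and, from the public value Kr, the session key. It is an added example, not code from the paper; the modulus, base, seeds, cycle count and shift direction (new bit enters at R(0), register shifts toward R(127)) are assumptions chosen for illustration.

```python
# Added illustration of Eq. (1), Eq. (2) and Figure 2. All constants are constructed.
MASK = (1 << 128) - 1
TAPS = (127, 125, 100, 98)                    # tap positions from Eq. (2)
N = 2**127 - 1                                # constructed modulus (a known Mersenne prime)
A = 3                                         # constructed base
CARD_SEED = 0x0123456789ABCDEF0123456789ABCDEF    # constructed seed
READER_SEED = 0xFEDCBA9876543210FEDCBA9876543210  # constructed seed


def lfsr_step(r):
    """One clock: the XOR of the tapped bits becomes the new R(0) (assumed shift direction)."""
    fb = 0
    for t in TAPS:
        fb ^= (r >> t) & 1
    return ((r << 1) & MASK) | fb


def lfsr_run(seed, cycles):
    """Clock the 128-bit register `cycles` times and return its state."""
    r = seed & MASK
    if r == 0:
        raise ValueError("an all-zero seed keeps the LFSR at zero forever")
    for _ in range(cycles):
        r = lfsr_step(r)
    return r


def public_value(x):
    """Eq. (1): K = a^x mod n, the value sent over the card-reader link."""
    return pow(A, x, N)


def session_key(peer_public, x):
    """Second modular exponentiation: the peer's value raised to the own exponent."""
    return pow(peer_public, x, N)


def exchange(card_seed, reader_seed, cycles):
    """Both sides of Figure 2; returns the public values and each side's key."""
    xc, xr = lfsr_run(card_seed, cycles), lfsr_run(reader_seed, cycles)
    kc, kr = public_value(xc), public_value(xr)
    return {"Kc": kc, "Kr": kr,
            "card_key": session_key(kr, xc), "reader_key": session_key(kc, xr)}


def key_from_known_seed(card_seed, cycles, kr):
    """What a party that learns the card's seed and cycle count derives from the public Kr."""
    return session_key(kr, lfsr_run(card_seed, cycles))


if __name__ == "__main__":
    s = exchange(CARD_SEED, READER_SEED, cycles=16)
    print("keys agree:", s["card_key"] == s["reader_key"])
    print("seed reveals key:", key_from_known_seed(CARD_SEED, 16, s["Kr"]) == s["card_key"])
```

Because the generator is fully determined by its seed, the per-session seed needs the same protection and unpredictability as the session key itself.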


VI. SIMULATION RESULTS

We have run mixed-language simulations on Active-HDL. When a data request is received from the reader, the system establishes a secure communication channel. A key is generated and used to encrypt the data which was requested by the reader. Figure 4 and Figure 5 show waveforms after the key generation and message encryption, respectively. We have used a clock signal with 100 MHz frequency and run behavioral simulation. Figure 4 shows that key generation is completed in 16,9345 ms. In Figure 5 it can be seen that encryption is completed in 10 steps, since we used 128-bit AES. The round signal counts the steps.

TABLE I. TIMING DIAGRAM OF THE SYSTEM

Case \ Operation   RNG   ME      E    Total
K1 and P1          16    18509   10   36543
K2 and P1          16    17851   10   35489
K2 and P2          16    17851   10   35489

RNG: Random Number Generation, ME: Modular Exponentiation, E: Encryption
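The ME column of Table I differs between K1 and K2 (18509 versus 17851 clock periods), which means the duration of the modular exponentiation reveals something about the secret exponent. The added example below, which is not the paper's RSA block, shows where such a dependence comes from in plain square-and-multiply and how a Montgomery ladder keeps the number of modular multiplications fixed; the paper does not state which algorithm its RSA module uses, and the modulus, base and exponents here are constructed.

```python
# Added illustration: counts modular multiplications, it does not measure time.
N = 2**127 - 1                 # constructed modulus (a known Mersenne prime)
A = 3                          # constructed base
K_SPARSE = (1 << 127) | 1      # constructed 128-bit exponent with two 1 bits
K_DENSE = (1 << 128) - 1       # constructed 128-bit exponent with 128 one bits


def square_and_multiply(a, x, n):
    """Left-to-right binary exponentiation; returns (result, multiplications done)."""
    result, ops = 1, 0
    for bit in bin(x)[2:]:
        result = result * result % n       # one squaring per exponent bit
        ops += 1
        if bit == "1":                     # extra multiply only for 1 bits
            result = result * a % n
            ops += 1
    return result, ops


def montgomery_ladder(a, x, n, width=128):
    """Ladder over a fixed bit width: one multiply and one square per bit, whatever x is."""
    r0, r1, ops = 1, a % n, 0
    for i in reversed(range(width)):
        if (x >> i) & 1:
            r0, r1 = r0 * r1 % n, r1 * r1 % n
        else:
            r0, r1 = r0 * r0 % n, r0 * r1 % n
        ops += 2
    return r0, ops


def operation_profile(exponents, width=128):
    """For each exponent, return (square-and-multiply ops, ladder ops)."""
    rows = []
    for x in exponents:
        r_sm, ops_sm = square_and_multiply(A, x, N)
        r_ml, ops_ml = montgomery_ladder(A, x, N, width)
        if not (r_sm == r_ml == pow(A, x, N)):
            raise AssertionError("exponentiation results disagree")
        rows.append((ops_sm, ops_ml))
    return rows


if __name__ == "__main__":
    for ops_sm, ops_ml in operation_profile([K_SPARSE, K_DENSE]):
        print("square-and-multiply:", ops_sm, "ladder:", ops_ml)
```

A hardware implementation additionally has to make each ladder step take the same number of clock periods for both bit values; the operation count alone is only the first requirement.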

In Table I, the number of clock periods required to complete each operation performed by the system and the total time required to encrypt a 128-bit message are listed. Operations are listed in the first row, while different cases are shown in the first column of the table. K1 and K2 are different random number values which generate different keys. P1 and P2 are different plaintexts. It is observed that the modular exponentiation calculation time depends on the random number which is used as exponent, since the same base and prime number are used. Hence, the total operation time depends on the seed value which is used to generate the key, but it does not depend on the plaintext to be encrypted.

VII. CONCLUSIONS

In this study, a secure health care smart card system was designed using system-level design methodology, and the proposed system was functionally tested with VHDL-SystemC co-simulations. We have performed functional, technology-independent simulations. The system can be implemented using a processor with field programmable gate arrays (FPGA) or application-specific hardware after hardware-software partitioning. We have achieved our goals, which were storing data in the card and providing secure communication between the card and the reader using cryptographic modules. However, a user and reader authentication feature should also be included in the system to improve privacy and security.

REFERENCES
[1] Smart Card Alliance Healthcare Council, A healthcare CFO's guide to smart card technology and applications, Smart Card Alliance, 191 Clarksville Rd., Princeton Junction, NJ 08550, Tech. Rep. HCC-09001, 2009.
[2] Smart Card Alliance, HIPAA compliance and smart cards: Solutions to privacy and security requirements, Smart Card Alliance, 191 Clarksville Rd., Princeton Junction, NJ 08550, Tech. Rep. ID-03004, 2003.
[3] National Health Care Anti-Fraud Association, The problem of health care fraud, Online, http://www.nhcaa.org/eweb/DynamicPage.aspx?webcode= anti fraud resource centr&wpscode=TheProblemOfHCFraud.
[4] E-healthcare record: Algeria, Online, http://www.gemalto.com/electronic health records/algeria.html.
[5] Presentation of netlink project, Online, July 2002, http://www.sesam-vitale.fr/netlink/netlk pres.htm.
[6] NETLINK requirements for interoperability, Online, June 2000, http://www.sesam-vitale.fr/netlink/ netlink requirements for interoperabilityv21.pdf.
[7] D. E. Thomas, J. K. Adams, and H. Schmit, A model and methodology for hardware-software codesign, Design & Test of Computers, IEEE, vol. 10, pp. 6-15, 1993.
[8] H. Delfs and H. Knebl, Introduction to Cryptography: Principles and Applications, 2nd ed. Springer-Verlag, 2007.
[9] A. Menezes, P. van Oorschot, and S. Vanstone, Handbook of Applied Cryptography. CRC Press, 1997.
[10] W. Diffie and M. Hellman, New directions in cryptography, IEEE Transactions on Information Theory, vol. 22, pp. 644-654, 1976.
[11] B. Bailey, G. Martin, and A. Piziali, ESL Design and Verification: A Prescription for Electronic System-Level Methodology, 1st ed. Elsevier, 2007.
[12] G. De Micheli, R. Ernst, and W. Wolf, Readings in Hardware/Software Co-Design. Academic Press, 2002.
[13] D. C. Black and J. Donovan, SystemC From the Ground Up. Kluwer Academic Publishers, 2004.
[14] T. Grotker, S. Liao, G. Martin, and S. Swan, System Design with SystemC. Kluwer Academic Publishers, 2002.
[15] F. Ghenassia, Transaction-Level Modeling with SystemC: TLM Concepts and Applications for Embedded Systems. Springer, 2005.
[16] Active-HDL student edition. [Online]. Available: http://www.aldec.com/Products/
[17] J. Borst, B. Preneel, and V. Rijmen, Cryptography on smart cards, Computer Networks, vol. 36, no. 4, pp. 423-435, July 2001.
[18] H. Handschuh and E. Trichina, High density smart cards: New security challenges and applications, in Securing Electronic Business Processes: Highlights of the Information Security Solutions Europe/SECURE 2007, N. Pohlmann, H. Reimer, and W. Schneider, Eds., 2007.
[19] M. Hendry, Multi-application Smart Cards: Technology and Applications. Cambridge University Press, 2007.
[20] Smart Card Alliance Healthcare Council, Smart card applications in the U.S. healthcare industry, Smart Card Alliance, 191 Clarksville Rd., Princeton Junction, NJ 08550, Tech. Rep. HC-06001, 2006.
[21] W. Effing and W. Rankl, Smart Card Handbook, 3rd ed. John Wiley & Sons, 2003.
[22] Sixth International Conference on Smart Card Research and Advanced Applications (CARDIS), 22-27 August 2004.
[23] M. Hendry, Smart Card Security and Applications, 2nd ed. Artech House, 2001.
[24] Smart Card Alliance Healthcare Council, Smart cards in U.S. healthcare: Benefits for patients, providers and payers, Smart Card Alliance, 191 Clarksville Rd., Princeton Junction, NJ 08550, Tech. Rep. HC-07001, 2007.
[25] Smart Card Alliance, The taiwan healthcare smart card project, Smart Card Alliance, 191 Clarksville Rd., Princeton Junction, NJ 08550, Tech. Rep., 2005.
[26] R. A. Mollin, RSA and Public-Key Cryptography, 2nd ed. CRC Press, 2003.
[27] D. Bayhan, RSA Acik Anahtarli Kriptosisteminin FPGA Uzerinde Dusuk Guclu Tasarimi ve Gerceklemesi, Master's thesis, Istanbul Technical University, 2010.
[28] H. Dobbertin, V. Rijmen, and A. Sowa, Eds., Advanced Encryption Standard - AES: 4th International Conference, AES 2004, Bonn, Germany, 10-12 May 2004.
[29] L. Ordu, AES Algoritmasinin FPGA Uzerinde Gerceklenmesi ve Yan Kanal Analizi Saldirilarina Karsi Guclendirilmesi, Master's thesis, Istanbul Technical University, 2006.
[30] P. Alfke, Efficient shift registers, LFSR counters, and long pseudo-random sequence generators, Xilinx Inc., Tech. Rep. XAPP 052, 1996.
[31] Xilinx Inc., Linear feedback shift register v3.0, Online, March 2003, http://jaja.kn.vutbr.cz/kajan/lfsr.pdf.

Fig. 4. Waveform after key generation.

Fig. 5. Waveform after encryption.

[32] Xilinx Inc., Linear feedback shift register in virtex devices, Online, April 2007, http://www.xilinx.com/support/documentation/ application notes/xapp210.pdf.
