Mobile devices have reached a wide development range and proved its assistance in health care with the combination of Cloud Server. The health monitoring offers various services such as monitoring of physiological data through remote sensors. These are achieved in collaboration with Cloud Servers providing software as a service, thus providing healthcare solutions at low cost. But there is a high risk of security violation of patient’s private data as there is a lack of data management. The proposed approach identifies the existing system’s design problems and proposes private key proxy re-encryption scheme that helps in reduction of computation complexity of securing data. This system is used to transmit patient’s personal information from smart mobile phone to a monitoring system installed by a health service provider in cloud, such that the third party collaborator of the healthcare company is then responsible for private key distribution to clients which can be used for querying his data. When the user requires accessing his data, he/she passes the private key and the healthcare company index to the collaborator, who in turn inputs the master key to the cloud that provide parallel access to the databases. The user finally receives a token from collaborator and pass to the cloud, which respond back to the user with semi-decrypted data and final decryption takes place at the end user’s place. Hence the cloud has no reach to unencrypted private data of the user. Also the advantage of this model is drastically reduces the workload of encryption/decryption tasks by outsourcing them to the cloud server.
|Private key proxy re-encryption, Outsourcing Decryption, Triple DES algorithm, Security
|In recent years, cloud computing is gaining much momentum in the IT industry. Especially, we have seen the dramatic
growth of public clouds, in which the computing resources can be accessed by the general public. Advancing the field of
health informatics has been listed as one of the engineering grand challenges for the current century. Activities in this field
include acquiring, controlling, and using biomedical information, from personal level to global levels, to improve the
quality and efficiency of medical care and the response to widespread public health emergencies. Predominantly, in the
personal level, biomedical engineers envision “a new system of distributed computing tools that will collect authorized
medical data about people and store it securely within a network designed to help deliver quick and efficient care. In this
direction, several technological advances and new concepts, such as medical devices, Body Area Networks, pervasive
wireless broadband communications and Cloud computing are enabling advanced mobile health-care services that benefit
both patients and health professionals. Especially, they enable the development of a system to perform remote real-time
collection, distribution and analysis of medical data for the purpose of managing chronic conditions and detecting health
emergencies. The key problem of storing encrypted data in the cloud lies in revoking access rights from users. A user
whose authorization is revoked will still retain the keys issued previously, and thus can still decrypt data in the cloud. This
solution will lead to a performance bottleneck, particularly when there are frequent user revocations .
|In such a remote mHealth monitoring system, a client could arrange portable sensors in wireless body sensor networks
to collect various physiological data, such as blood pressure (BP), breathing rate (BR), Electrocardiogram (ECG/EKG), peripheral oxygen saturation (SpO ) and blood glucose. Such physiological data are sent to a central server, which could run
various web medical applications on these data to return timely guidance to the client.
|Besides, the current trend is more focused on protection against intrusions while there is little effort on protecting clients
from business collecting private information. Many companies have significant commercial interests in collecting clients’
private health data  and sharing them with either insurance companies, research institutions or the government agencies.
The collected information from an mHealth monitoring system could contain clients’ personal physical data such as their
heights, weights, blood types, and ultimate personal identifiable information such as their fingerprints and DNA profiles
|Another major problem in addressing security and privacy is the computational workload involved with the
cryptographic techniques. With the presence of cloud computing services, it will be wise to shift thorough computations to
cloud servers from mobile devices. However, achieving this effect without compromising privacy and security becomes a
great challenge, which should be suspiciously investigated. As an important remark, our design here mainly focuses on
insider attacks, which could be provided by either malicious or nonmalicious insiders. For instance, the insiders could be
unhappy employees or healthcare workers who enter the healthcare business for criminal purpose , . It was reported
that 32% of medical data breaches in medical establishments between January 2007 and June 2009 were due to insider
attacks , and the incident rate of insider attacks is rapidly increasing . The insider attacks have cost the victimized
institutions much more than what outsider attacks have caused . Furthermore, insider attackers are generally much harder
to deal with because they are generally sophisticated professionals or even criminal rings who are adept at escaping
intrusion detection . On the other hand, while outsider attacks could be easily prevented by directly adopting
cryptographic mechanisms such as encryption, it is nontrivial to design a privacy preserving mechanism against the insider
attacks because we have to balance the privacy constraints and maintenance of normal operations of mHealth systems.
|We integrate the recently proposed outsourcing decryption technique  into the underlying multidimensional range
queries system to shift clients’ computational complexity to the cloud without revealing any information on either clients’
query input or the decrypted decision to the cloud. We recommend a further improvement, which is most important to our
final scheme. It is based on a new alternative key private proxy reencryption scheme, in which the company only needs to
accomplish encryption once at the setup phase while shifting the rest computational tasks to the cloud without
compromising privacy, additionally reducing the computational and communication burden on clients and the cloud.
II. RELATED WORK
A. Mobile Cloud for Assistive Healthcare (MoCAsH)
|This paper proposes a Mobile Cloud for Assistive Healthcare infrastructure. The infrastructure addresses the limitations
of our earlier Active Grid infrastructure, invoke Cloud computing features such as user easy access, elasticity of resources
demands, scalability of infrastructure, and metered usage and accounting of resources. The innovative infrastructure also
addresses a number of issues with current Cloud architecture including some security and privacy issues, data protection
and ownership. P2P paradigm is deployed to federate clouds that may belong to different administrators to address security,
data protection and ownership. Part of the infrastructure has been implemented or migrated from the Active Grid .
B. The Era of Cloud Computer
|Cloud-Computing helps provide the best efficiency for human beings, and it presents acquisition (user interface
service), business (marketing driven usage), access (internet & intranet), and technology (unlimited, dynamic and flexible).
For example, the heart beat detection can be detected by the portable sensors which typically send the health information
though the RFID, gather into the media gateway, and then upload it to the public server system. Within a few seconds, the
animated heart graphic with the calculated data soon replies back to the wireless network gateway, displaying the 3D
graphics of heart in order to prevent the heart stroke or monitor diseases. All this concert is going through the wireless RF
methodology, and its arithmetic process is finished by the remote computing servers that decrease the loading of mobile media devices. The remarkable value is the lowest cost for common users and the capability to provide the best medical
care from the integration of the cyber system .
C. A Cloud Based Web Analysis and Reporting of Vital Signs
|The solution was built by converting an ordinary stethoscope into a digital one by implanting a Bluetooth microphone in
the stethoscope ear piece. This enables a smart phone to record and store stethoscope audio signal. A Matlab program is
written to demonstrate analysis of audio recording. The program contains a set of configuration parameters that can be
customized based on patient conditions and recording environment. The program analyzes the signal to extract S1 and S2
timing instants. Before analysis, the noise is reduced by passing the signal through filter that removes frequency bands
outside the signal range. A new algorithm is presented based on two passes search of signal peaks. The paper also presents
a new approach for visualizing regularity of heart beats by fitting the measured S1 and S2 timing and plotting norms of
D. Leveraging Mobile Cloud for Telemedicine
|Leveraging the modern advances in mobile technologies and cloud computing, telemedicine is on the limit of a
substantial transformation that will make stronger the effectiveness and efficiency of healthcare delivery.
|In this paper, we present a preliminary performance study of mobile cloud to demonstrate its potential in performing
continuous health monitoring in daily life and achieving higher diagnostic accuracy. Our findings also unveil the limitations
of existing mobile devices in performing telemedicine by themselves. As shown in Fig: 2.1 mobile devices can be used to
acquire various physiological signals from a set of ambient/body sensors. To alleviate intensive computations and extend
the battery life of mobile devices, the acquired physiological signals will be transferred to a cloud service environment to
perform desired, computation-intensive algorithmic signal processing. The processed results, recognized abnormalities, or
analytical alarms will be automatically archived in the cloud or sent to the mobile devices owned by patients, physicians, or
emergency teams. This application mode can be of particular significance to patients whose physiological signals need to
be monitored continuously .
III. IMPORTANT CRYPTOGRAPHIC BUILDING BLOCKS
|Many encryption schemes are used in cloud for security. These algorithms are Homomorphic Encryption, Private Key
Proxy re-encryption ,Attribute based encryption, Outsourcing Decryption scheme and triple-DES encryption schemes are
1. Homomorphic Encryption:
|Homomorphic encryptions allow complex mathematical operations to be performed on encrypted data without
compromising the encryption. The homomorphic encryption describes the transformation of one data set into another while
preserving relationships between elements in both sets. Uses of Homomorphic encryption is expected to play an important
part in cloud, allowing companies to store encrypted data in a public cloud and take advantage of the cloud providers
|Intuitively, for homomorphic encryption HEnc(.), given two encrypted messages HEnc(m1) and HEnc(m2) , the
encryption of the addition of the two underlying messages can be computed as follows: HEnc(m1+m2)= HEnc(m1)
*HEnc(m2) , where * is the corresponding operation in the ciphertext space. A typical homomorphic encryption scheme
was proposed by Paillier cryptosystem , .
|2. Private Key Proxy re-encryption:
|We initiate by specifying the input/output behavior of a proxy re-encryption scheme . For simplicity, we consider a
definition for unidirectional, single-hop PREs. By single-hop, we indicate that only original ciphertexts (and not reencrypted
ciphertexts) can be re-encrypted. One might extend the basic notions of our security and key privacy definitions
for multi-hop schemes, but this requires a more involved definition of when users become distort, and may be more
appropriate for CCA-secure schemes.
|A unidirectional, single-hop, proxy re-encryption scheme is a tuple of algorithms Π= (Setup, KeyGen, ReKeyGen, Enc,
ReEnc, Dec) for message space M:
|• Setup(1k) → PP. On input security parameter 1k, the setup algorithm outputs the public parameters PP.
|• KeyGen(PP) → (pk, sk). On input public parameters, the key generation algorithm KeyGen outputs a public key
pk and a secret key sk.
|• ReKeyGen(PP, ski, pkj) → rki→j . Given a secret key ski and a public key pkj , where i ≠ j, this algorithm outputs a
unidirectional re-encryption key rki→j . The restriction that i ≠ j is provided as re-encrypting a message to the
original recipient is impractical.
|• Enc(PP, pki,m) →Ci. On input a public key pki and a message m Ɛ M, the encryption algorithm outputs an original
|• ReEnc(PP, rki→j ,Ci) →Cj . Given a re-encryption key from i to j and an original ciphertext for i, the re-encryption
algorithm outputs a ciphertext for j or the error symbol ┴
|• Dec(PP, ski,Ci) →m. Given a secret key for user i and a ciphertext for i, the decryption algorithm Dec outputs a
message m Ɛ M or the error symbol ┴.
|A unidirectional, single-hop PRE scheme Π is correct with respect to domain M if:
|i. For all (pk, sk) Ɛ KeyGen(PP) and all m Ɛ M, it holds that Dec(PP, sk, Enc(PP, pk,m)) = m.
|ii. For all pairs (pki, ski), (pkj , skj) Ɛ KeyGen(PP) and keys rki→j Ɛ ReKeyGen(PP, ski, pkj ), and m Ɛ M, it holds that
Dec(PP, skj , ReEnc(PP, rki→j , Enc(PP, pki,m))) = m.
|3. Attribute Based Encryption:
|Attribute based encryption (ABE) , a recently invented one-to-many public-key cryptography, has the possible to
enforce the fine-grained access policies for large-scale systems. In attribute based encryption data are associated with
attributes. Access policies, defined on attributes, are compulsory within the encryption procedure. Different form traditional broadcast encryption, ABE offers the ability to encrypt data without exact knowledge of the receiver set. In this sense the
concept of ABE is closely related to Role-Based/Attribute-Based access control and suitable for large-scale application. In
attribute-based encryption (ABE), user secret key revocation is also a challenge issue.
|4. Outsourcing Decryption:
|We give new methods for efficiently and securely outsourcing decryption of ABE ciphertexts. The core change to
outsourceable ABE systems is a modified Key Generation algorithm that produces two keys. The first key is a short El
Gamal  type secret key that must be kept by the authorized user. The second key called as a TK(transformation key),
that is shared with a proxy (and can be publicly distributed). If the proxy then receives a ciphertext CT for a function f for
which the user’s credentials satisfy, it is then able to use the key TK to transform CT into a simple and short El Gamal
ciphertext CTˊ of the same message encrypted under the user’s key SK. The user is then able to decrypt with one simple
exponentiation. Our system is secure against any malicious proxy.
|Let S represent a set of attributes, and A an access structure. For generality, we will define (Ienc, Ikey) as the inputs to the
encryption and key generation function respectively. In a CP-ABE scheme (Ienc, Ikey) = (A,S), while in a KP-ABE scheme
we will have (Ienc, Ikey) = (S,A). A CP-ABE (resp. KP-ABE) scheme with outsourcing functionality consists of five
|• Setup(λ,U).The setup algorithm takes security parameter and attribute universe description as input. and outputs
are public parameters PK and a master key MK.
|• Encrypt(PK,M,Ienc).The encryption algorithm takes as input the message M, public parameters PK, and an access
structure (resp. attribute set) Ienc. It outputs the ciphertext CT.
|• KeyGenout (MK, Ikey).The key generation algorithm takes as input the master key MK and an attribute set (resp.
access structure) Ikey and outputs a private key SK and a transformation key TK.
|• Transform(TK,CT).The ciphertext transformation algorithm takes as input a transformation key TK for Ikey and a
ciphertext CT that was encrypted under Ienc. It outputs the partially decrypted ciphertext CTˊ if S Ɛ A and the error
symbol ┴ otherwise.
|• Decryptout (SK,CTˊ).The decryption algorithm takes as input a private key SK for Ikey and a partially decrypted
ciphertext CTˊ that was originally encrypted under Ienc. It outputs the message M if S Ɛ A and the error symbol ┴.
|5. Triple-DES algorithm:
|Triple Data Encryption algorithm is an encryption algorithm that is based on the Data Encryption Standard encryption
algorithm. The size of block is 64 bits and the key sizes are 168, 112, or 56 bits. The input key sizes are 3 64 bit keys,
which are shortened to 56 bits because of the internal key scheduler. The block of data is encrypted 3 times with each of the
keys according to the keying options:
|Keying Option 1: All the keys are independent.
|Keying Option 2: K1 & K2 are independent and K3 = K1.
|Keying Option 3: All keys are identical (i.e. K1=K2=K3).
|It reinforces DES by expanding the key space which is it's main weakness and protects itself from brute force attacks.
Today TDEA is widely used.
|Triple DES uses a "key bundle" which comprises three DES keys, K1, K2 and K3, each of 56 bits (excluding parity bits).
|The encryption algorithm is: ciphertext = EK3(DK2(EK1(plaintext)))
|i.e., DES encrypt plaintext with K1, and DES decrypt with K2, finally DES encrypt with K3.
|Decryption is the reverse: plaintext = DK1(EK2(DK3(ciphertext)))
|i.e., decrypt ciphertext with K3, and encrypt with K2, finally decrypt with K1.
|In each case the middle operation is reverse of the first and last. This algorithm mainly improves the strength of the
IV. PROBLEM DEFINITION
|In our existing system with the pervasiveness of Cloud-assisted networks the Healthcare which extends the operation of
Healthcare provider into a pervasive environment for better health monitoring is not governed properly by the trust
authority. The privacy disclosure and the high reliability of distributed system over single cloud process and transmission in
Healthcare emergency monitoring is not an efficient user-centric privacy access control on CAM. For healthcare
infrastructure there may be several serious issues concerning security, data protection and ownership and quality of services
need to be resolved before Cloud computing can be widely adopted. This analysis exhibit the key for an authenticated token
providence in the Cloud for Assistive Healthcare as an infrastructure for assistive healthcare. Healthcare business with
criminal purposes may affect our system which is a drawback in our existing algorithm, and also Several serious issues
concerning security and data protection paradigm .
V. PROPOSED WORK
|In this paper, propose a secure and privacy-preserving opportunistic computing framework for the Healthcare
Emergency. To improves the performance evaluation via extensive simulations and parallel database. We can provide high
reliability and transmission for minimizing the privacy disclosure .Cloud computing can be widely adopted to address these
concerns, and this paper propose a new solution that includes in a cloud platform designed to deal with those issues that are
relevant for an assistive healthcare infrastructure.
|Our design of the proposed system consists of four parties: the cloud server (simply the cloud), the company which
provides the mHealth monitoring service (i.e., the healthcare service provider), and the individual clients (simply clients), and a trust authority (TA), as shown in Fig: 5.1. The company stores its encrypted monitoring data in the cloud. Individual
clients collect their medical data and store them in their mobile devices, which then transform the data into cloud. TA is
responsible for distributing private keys to clients and collecting service fees from clients according to a certain business
model such as “pay-per-use” model. TA can be considered as a collaborator or a management agent for a company (or
several companies) and thus shares certain level of mutual business interest with the company. In the following, we will
briefly introduce steps for this paper. We only illustrate the functionality of these components here. Because the detailed
input and output of those steps might vary in different schemes, we leave more details wherever needed.
|Fig: 5.2 shows First step the company collect the patients, doctors and hospitals information’s, which is encrypted under
the respective triple-DES algorithms. Then the company will deliver the resulting ciphertext and its company index to the
cloud, which corresponds to the algorithm in the context.
|Fig: 5.3 shows the clients request the particular patient information from the cloud server. Then the client sends the
company index to TA, and the trust authority (TA) provides authorization to the requested individual clients. After that TA
generates the token and provided to the particular client
|Finally, the client delivers the token to the cloud, which runs the phase. The cloud using the parallel concept to
completes the major computationally intensive task for the client’s decryption (triple-DES) and returns the partially
decrypted ciphertext to the client. The client then completes the remaining decryption (triple-DES) task after receiving the
partially decrypted ciphertext and obtains its decryption result. These are shown in fig: 5.4. The cloud obtains no useful
information on either the client’s private key input or decryption result after running the phase.
|• Advantages of Proposed system:
|1. The Security level is increased in the health care monitoring solution.
|2. Using the parallel computing concept to increase the performance.
|It is cost prohibitive for many individual healthcare systems to support the investment in the equipment,
technology, personnel, and ongoing training required to deliver the highest level of data security. To protect the clients’
privacy, we apply the triple-DES encryption. To reduce the decryption complexity, we apply recently anticipated
decryption outsourcing with privacy protection to shift clients pairing computation to the cloud server. We also introduce
the parallel computing concept to accessing the database. So the accessing time are reduced. Finally, to enable resourceconstrained
small companies to participate in mHealth business, our design helps them to shift the computational burden to
the cloud by applying newly developed key private proxy reencryption technique. Our system has been shown to achieve
the design objective.
VII. FUTURE ENHANCEMENT
|It can also secure health care information in the form of images in an encrypted form once after getting authenticated
through trust authority. Preserving health care information in an globalised way can also be helpful in pattern matching
strategy to analyze new diseases.
Figures at a glance
- A. Tsanas, M. Little, P. McSharry, and L.Ramig, “Accurate telemonitoring of parkinson’s disease progression by noninvasive speech tests,” IEEE
- Trans. Biomed. Eng., vol. 57, no. 4, pp. 884–893, Apr. 2010.
- N. Singer, “When 2 2 equals a privacy question,” New York Times, Oct. 18, 2009 [Online]. Available: http://www.nytimes.
- P. Baldi, R. Baronio, E. D. Cristofaro, P. Gasti, and G. Tsudik, “Countering gattaca: Efficient and secure testing of fully-sequenced human
- genomes,” in Proc. ACM Conf. Computer and Communications Security, 2011, pp. 691–702.
- P. Institute, Data Loss Risks During Downsizing, 2009. P. Dixon, “Medical identity theft: The information crime that can kill you,” in Proc. The World Privacy Forum, 2006, pp. 13–22. K. E. Emam and M. King, The Data Breach Analyzer 2009 [Online].Available: http://www.ehealthinformation.ca/dataloss. E. Shaw, K. Ruby, and J. Post, “The insider threat to information systems: The psychology of the dangerous insider,” Security Awareness Bull.,vol. 2, no. 98, pp. 1–10, 1998.
- M. Green, S. Hohenberger, and B.Waters, “Outsourcing the decryption of abeciphertexts,” in Proc. Usenix Security, San Francisco, CA, USA,Aug. 8–12, 2011, pp. 34–49.
- Huang Lin, Jun Shao, Chi Zhang, and Yuguang Fang, Fellow “CAM: Cloud-Assisted Privacy Preserving Mobile Health Monitoring,”IEEEtransactions on information forensics and security, vol. 8, no. 6, june 2013.
- Doan B. Hoang, Lingfeng Chen,” Mobile Cloud for Assistive Healthcare (MoCAsH),” 2010 IEEE Asia-Pacific Services Computing Conference.
- Chih-Chin Yang, J. T. Huang,” The Era of Cloud Computer thru Bio-Detecting and Open-Resources to Achieve the Ubiquitous Devices,” 2012International Symposium on Computer, Consumer and Control.
- Yazan A Alqudah, Esam A AlQaralleh,” A Cloud Based Web Analysis and Reporting of Vital Signs,” IEEE 2012.
- Xiaoliang Wang, QiongGui, Bingwei Liu, Yu Chen, and ZhanpengJin,” Leveraging Mobile Cloud for Telemedicine: A Performance Study inMedical Monitoring,” 2013 39th Annual Northeast Bioengineering Conference.
- PierluigiFailla, Riccardo Lazzeretti, Ahmad-Reza Sadeghi, and Thomas Schneider, Privacy-Preserving ECG Classification With BranchingPrograms and Neural Networks, IEEE transactions on information forensics and security, vol. 6, no. 2, june 2011.
- P. Paillier, “Public-key cryptosystems based on composite degree residuosity classes,” in Proc. UROCRYPT, 1999, pp. 223–238.
- I. Damgard and M. Jurik, “A generalisation, a simplification and some applications of paillier’s probabilistic public-key system,” in Public KeyCryptography, ser. Lecture Notes in Computer Science, K. Kim, Ed. New York, NY, USA: Springer, 2001, vol. 1992, pp. 119–136.
- Giuseppe Ateniese, Karyn Benson, Susan Hohenberger,” Key-Private Proxy Re-Encryption,” January 22, 2009.
- Shuchengyu, Data sharing on untrusted storage with Attribute-based encryption,july2010.
- Taher El Gamal. A public key cryptosystem and a signature scheme based on discrete logarithms. In CRYPTO, pages 10–18, 1984.
- Matthew Green, Susan Hohenberger, Brent Waters, ”Outsourcing the Decryption of ABE Ciphertexts,” University of Texas at Austin.