Secure Sharing and Access Control of
Personal Health Record in cloud Computing

T.Radhika; S.Vasumathi Kannagi

Secure Sharing and Access Control of Personal Health Record in cloud Computing

T.Radhika¹, S.Vasumathi Kannagi²

P.G.Scholar, Department of Computer Science and Engineering, Info Institute of Engineering, Coimbatore, India
Assistant Professor, Department of Computer Science and Engineering, Info Institute of Engineering, Coimbatore, India

Related article at Pubmed, Scholar Google

Visit for more related articles at International Journal of Innovative Research in Computer and Communication Engineering

Abstract

Cloud computing is one of the most advanced technology in recent years. Since this new computing technology requires users to entrust their data to cloud providers.Personal health record (PHR) is an patient-centric model of health information exchange in which the information are outsourced to be stored at the third party server, called as cloud providers, such that security and privacy of the outsourced data should be preserved.Here the user type of each user is organized in a hierarchical manner and it represents the hierarchical structure of the users. The patient details are encrypted using Hierarchical Attribute Set Based Encryption technique. Role of one user is encrypted to another user such that scalability, access control and efficient user revocation is achieved and also it proves the security of HASBE based on security of the Cipher text-Policy Attribute-Based Encryption (CP-ABE) scheme and analyse its performance and computational complexity.

KEY WORDS

HASBE, cloud computing, personal health records, fine-grained access control

I. INTRODUCTION

Cloud computing enables users to remotely store their data in a cloud. Moving data from the user side to the cloud provides a great convenience to users, so that user can access data in the cloud anywhere at any time. Especially for small and medium-sized enterprises with limited budgets, they can achieve cost savings and the flexibility to scale investments on-demand, by using cloud-based services tomanage projects, enterprise-wide schedules and the contacts. An untrustworthy cloud service provider(CSP) may sell the confidential information about an enterprise to its business person for making a profit. Therefore, to keep the sensitive data confidential the particular data is encrypted and stored in the cloud.

Personal health record (PHR) is an patient-centric model of health information exchange, which is often outsourced to be stored at a third party, such as cloud providers.Shucheng Yu et.al[1]have proposedAchieving Secure, Scalable, And Fine-Grained Data Access Control In Cloud Computing enables the data owner to delegate tasks of data file reencryption and user secret key update to cloud servers without disclosing data contents or user access privilege information. We achieve our design goals by exploiting a novel cryptographic primitive, namely key policy attributebased encryption (KP-ABE) and uniquely combine it with the technique of proxy re-encryption (PRE) and lazy reencryption.

II. RELATED WORK

User secret keys are defined to reflect their access structures so that a user is able to decrypt a ciphertext if and only if the data file attributes satisfy his access structure. Such a design also brings about the efficiency benefit, as compared to previous works, in that, the complexity of encryption is just related the number of attributes associated to the data file, and is independent to the number of users in the system; and data file creation/deletion and new user grant operations just affect current file/user without involving system-wide data file update or re-keying. One extremely challenging issue with this design is the implementation of user revocation, which would inevitably require re-encryption of data files accessible to the leaving user, and may need update of secret keys for all the remaining users.Cong Wang et.al [2] have proposed attribute based data sharing with attribute revocation for IBE, which is also applicable to KP-ABE and fuzzy IBE. Ming Li et.al [3] have proposed authorized private keyword search over encrypted personal health records in cloud computing is a fine-grained authorization framework in which every user obtain search capabilities under the authorization of local trusted authorities (LTAs), based on checking for user’s attributes. The central TA’s task is reduced to minimum, and can remain semi-offline after initialization. Using an obtained capability, a user can let the cloud server search through all owner’s encrypted PHRs to find the records that match with the query conditions. Our framework enjoys a high level of system scalability for PHR applications in the public domain. Josh Benaloh et.al [4] have proposed patient controlled encryption: ensuring privacy of electronic medical recordsrefer to as Patient Controlled Encryption (PCE) as a solution to secure and private storage of patients’ medical records. PCE allows the patient to selectively share records among doctors and healthcare providers. The design of the system is based on a hierarchical encryption system. The patient’s record is partitioned into a hierarchical structure, each portion of which is encrypted with a corresponding key. Ting-Yu et.al [5]have proposed a unified scheme for resource protection in automated trust negotiationin centrally managed security domains. Every entity that can take actions within such a system has one or more identities in that domain. The system grants or denies an entity's requests to access certain resources according to its access control policies and the authenticated identities of the requester. underlying assumption is that entities in the system already know each other.Amit Sahai et.al [6] have proposed ciphertext-policy attribute-based encryption in which, a user will only be able to decrypt a ciphertext if that user’s attributes pass through the ciphertext’s access structure. In this work, we provide the first construction of a ciphertext-policy attribute-based en-cryption (CP-ABE) to address this problem, and give the first construction of such a scheme. In our system, a user’s private key will be associated with an arbitrary number of attributes expressed as strings. Kristin Lauter [7] have proposed automated trust negotiation using cryptographic credentials have been developed to address oblivious signature. Brunelli.D [7] have proposed cloud computing and emerging it platforms:vision, hype, and reality for delivering computing as the 5th utilityconsisting of services that are commoditized and delivered in a manner similar to traditional utilities such as water, electricity, gas, and telephony. In such a model, users access services based on their requirements without regard to where the services are hosted or how they are delivered. Amit Sahai et.al [10]have proposed fuzzy identity-based encryptionis a new type of Identity-Based Encryption that we call Fuzzy Identity-Based Encryption in which we view identities as a set of descriptive attributes. In a Fuzzy Identity-Based Encryption scheme, a user with the secret key for the identity is able to decrypt a cipher text encrypted with the public key 0 if and only if and 0 are within a certain distance of each other as judged by some metric. Mrinmoy Barua et.al [11] have proposed principles of policy in secure groupsa group security policy defined as a statement of the entirety of security relevant parameters and facilities used to implement the group. This best fits the viewpoint of policy as defining how security directs group behaviour, who are the entities allowed to participate, and which mechanisms will be used to achieve mission critical goals.

The remainder of this paper is organized as follows. Section III explains the proposed system of this paper. Section IV discusses the results of proposed system. Section V draws some conclusion. Finally, Section VI discusses the future work.

III. PROPOSED SYSTEM

1.User Interface Design

The goal of user interface design is to make the user's interaction as simple and efficient as possible, in terms of accomplishing user goal. Good user interface design facilitates to completing the task. Graphic design may be utilized to support its usability. The design process must balance technical functionality and visual elements to create a system that is not only operational but also usable and adaptable to changing user needs.

2. Cloud Provider

A service provider offers customers storage or software services available through cloud. Services made available to users on demand in which cloud provider's provide a service in ondemand to the data owners.The cloud service provider manages a cloud to provide data storage service in which data owners encrypt their data files and store them in the cloud for sharing with data consumers. To access the shared data files, data consumers download encrypted data files of their interest from the cloud and then decrypt them. Each data owner/consumer is administrated by a domain authority. A domain authority is managed by its parent domain authority or the trusted authority. Data owners, data consumers, domain authorities, and the trusted authority are organized in a hierarchical manner.

3. Domain Authorities

A domain authority is trusted by its subordinate domain authorities or users that it administrates, but may try to get the private keys of users outside its domain. Users access data files with the scope of their access privileges, according to the provider provide a service. So malicious users may collude with each other to get sensitive files beyond their privileges. The trusted authority acts as the root of trust and authorize the top-level domain authorities. A domain authority is trusted by its subordinate domain authorities or users that it administrates, but may try to get the private keys of users outside its domain.

4. Trusted Authority

The trusted authority is the root authority and it is used to check the integrity of the data files which is send to the domain authority. Each top-level domain authority belongs to a top-level organization, such as a federated enterprise, while each lower-level domain authority belongs to a lower-level organization, such as an affiliated company in a federated enterprise. Data owners/consumers may correspond to employees in an organization.

5. Data Control System

In ASBE scheme, Only users with decryption keys whose associated attributes, specified in their key structures, satisfy the access structure can decrypt the cipher text.

Key Structure:We use a recursive set based key structure as in where each element of the set is either a set or an element corresponding to an attribute.

New File Creation: To protect data stored on the cloud, a data owner first encrypts data files and then stores the encrypted data files on the cloud. Before uploading to the cloud, a data file is processed by the data owner as follows:

• Pick a unique ID for this data file.

• Randomly choose a symmetric data encryption key, where is the key space, and encrypt the data file .

.User Revocation: Wheneverthere is a user to be revoked, the system must make sure the revoked user cannot access the associated data files any more. One way to solve this problem is to re-encrypt all the associated data files used to be accessed by the revoked user, but we must also ensure that the other users who still have access privileges to these data files can access them correctly.ASBE inherits the advantage of efficient user revocation. We add an attribute to a user’s key, which indicates the time until which the key is considered to be valid. Then the policy associated with data files can include a check on the attribute as a numerical comparison.

IV. DISCUSSION ON RESULTS

Personal Health Record contains personal information in which the cloud providers used to provide the service for the users to share personal information.

By sharing of information each user type can only have the permission to access their record. The proposed system using HASBE ensures the scalability and efficiency of sharing only the encrypted data with the users. The parameters are discussed as,

1)Efficiency

The figure 1.shows that efficiency is increased in the propsed system using HASBE, because sharing of information is encrypted and each user type can access the information with their privilages provided by the cloud providers,so that the performance of HASBE is increased compared to the existing system of ABE.

2)Scalability

The figure 2.shows that scalability is increased in the proposed system using HASBE,The domain and trusted authority is used because of using the trusted authority,the delegating key is maintained. So that the user can share a information in a scalable manner.

IV. CONCLUSION

In this paper, theissues such as risks of privacy exposure, scalability in key management, flexible access, and efficient user revocation, has been analyzed. The proposed framework of secure sharing of personal health records in cloud computing,considering partially trustworthy cloud servers, we argue that to fully realize the patient-centric concept, patients shall have complete control of their own privacy through encrypting their PHR files to allow fine-grained access. The framework addresses the unique challenges brought by multiple PHR owners and users, in that we greatly reduce the complexity of key management while enhance the privacy guarantees compared with previous works. We utilize ABE to encrypt the PHR data, so that patients can allow access not only by personal users, but also various users from public domains with different professional roles, qualifications, and affiliations.

References

Kui Ren, Ming Li, Shucheng Yu, Wenjing Lou, Yao Zheng, and “Scalable and Secure Sharing of Personal Health Records in Cloud Computing Using Attribute Based Encryption” IEEE Transactions On Parallel And Distributed Systems, Vol. 24, No. 1, January 2013.
Cong Wang, Kui Ren, Shucheng Yu and Wenjing Lou “Achieving Secure, Scalable, and Fine-grained Data Access Control in Cloud Computing”, INFOCOM, 2010 Proceedings IEEE,march 2010.
Cong Wang, Kui Ren, Shucheng Yu “Attribute Based Data Sharing with Attribute Revocation”, ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security 2010.
Amit Sahaiz,Brent Waters, Omkant Pandeyy, Vipul Goyal“Attribute-Based Encryption for Fine-Grained Access Control”, CCS '06 Proceedings of the 13th ACM conference on Computer and communications security 2006 .
Ming Li, Ning Cao, Shucheng Yuy and Wenjing Lou “Authorized private keyword search over encrypted personal health records in cloud computing”,Distributed Computing Systems (ICDCS), 2011 31st International Conference, June 2011
Josh Benaloh, Kristin Lauter, ric Horvitz, Melissa Chase “Patient controlled encryption: ensuring privacy of electronic medical records”, CCSW '09 Proceedings of the 2009 ACM workshop on Cloud computing security.
Ting-Yu,Winnslett.M, “A Unified Scheme for resource protection in automated trust negotiation”, Security and Privacy 2003 Proceedings, May 2003.
Amit Sahai, Brent Waters, Carnegie Mellon, John Bethencourt “ciphertext-policy attribute-based encryption”,Security and Privacy, May 2007
Kristin Lauter “Automated trust negotiation using cryptographic credentialsutility cloud computing and emerging it platforms:vision, hype, and reality for delivering computing”,Embedded and Ubiquitous Computing (EUC), 2010 IEEE/IFIP 8th International Conference Dec 2010.
Brunelli.D “Cloud computing and emerging it platforms:vision, hype, and reality for delivering computing as the 5th utility “, Volume 25, Issue 6, June 2009
Amit Sahai, Brent Waters, “fuzzy identity-based encryption”,CCS '08 Proceedings of the 15th ACM conference on Computer and communications security 2008
Mrinmoy Barua, Xiaohui Liang,“Principles of policy in secure groups PEACE: An Efficient and Secure Patient-centric Access Control Scheme for eHealth Care System”,Computer Communications Workshops,IEEE Conference April 2011