INTERNATIONAL ASSOCIATION OF ENGINEERING & TECHNOLOGY FOR SKILL DEVELOPMENT
ISBN : 378 - 26 - 138420 - 6
CPLM: Cloud Facilitated Privacy Shielding Leakage Resilient Mobile Health Monitoring
R. Jasmine Anita, (M. Tech) Dept. of CSE, SITE, Tirupati, India, jasmineanitar@gmail.com
A. Narayana Rao, Asst. Professor, Dept. of CSE, SITE, Tirupati, India
Abstract— Cloud-assisted mobile health (mHealth) monitoring is a revolutionary approach to providing decision support in the health care sector. It employs mobile communications and cloud computing technologies to provide timely feedback. Its main objective is not only to improve the quality of healthcare service but also to decrease healthcare expenditure. In spite of the benefits it offers, the acceptance of such a mobile health monitoring system is affected because it does not shield the privacy of the patients' data or the data of the health care service providers. As a result, the wide deployment of mHealth technology is hindered and the patients' willingness to get involved in such a mobile health care monitoring program is abated. Cloud Facilitated Privacy Shielding Leakage Resilient Mobile Health Monitoring addresses the aforementioned limitations by offering a privacy shield to the involved parties and their data, in addition to handling the side channel attack. To take into consideration the resource constraints of the parties involved, the outsourcing decryption technique and a key private proxy re-encryption are implemented to shift the computational complexity of the privacy shielding scheme to the cloud without compromising the privacy of the clients and that of the service providers. The side channel attack is handled by implementing a Virtual Machine Policing approach.
Keywords— Key private proxy re-encryption, Privacy Shield, Outsourcing decryption, Virtual Machine Policing.

I. Introduction

Mobile devices, especially smart phones attached with low cost sensors, have found their application in every field in and around the world. Employing such smart phones improves the health care service quality in terms of time and effort. One of the successful examples of mobile health applications in the developing countries is Remote Mobile Health Monitoring. MediNet is a successfully launched project which has been designed to be used in the remote places of the Caribbean countries. It was launched by Microsoft and has been employed to monitor the health condition of patients suffering from diabetes and cardiovascular diseases [1]. When such a remote mHealth monitoring system is used, various physiological data ranging from blood pressure to blood glucose could be collected by deploying detachable sensors in wireless body sensor networks. The collected physiological data could then be transferred to a central server. The server in turn would then run various web medical applications on these data to return timely feedback to the patient. With the emergence and evolution of cloud computing technologies, the Software as a Service (SaaS) model and the pay-as-you-go business model can be incorporated in cloud computing to provide a feasible solution. This would allow small health care service providers to perform well in the health care market. Cloud facilitated mHealth monitoring promises improved health care services and reduced health care costs.

In spite of the many promises offered, to make this technology a reality one has to overcome a stumbling block. While collecting, storing, diagnosing, communicating and computing, there is a chance that the privacy of the patients is breached. This calls for proper addressing of the data management in a mHealth monitoring system. Statistics reveal that around 75% of Americans attach utmost significance to the privacy of their personal health information [2]. A study also reveals [3] that patients' concern regarding the privacy breach of their health data could deteriorate the willingness of the patients to be involved in such health care monitoring programs. This privacy apprehension will be inflamed owing to the increase in privacy breaches involving electronic data. Many organizations collect patients' personal health data [4] and the data is shared with insurance organizations, research organizations or even other government institutions. The activities of the health care service providers should be restricted efficiently to achieve real protection of patients' personal data, as a study reveals [5] that privacy laws could not guarantee a privacy shield for the patients' personal health data.

Conventional privacy protection techniques work by detaching personal identity information such as names or social security numbers, or by using anonymization techniques. Such conventional techniques are not an effective means to deal with the privacy of mobile health care systems owing to the increase in the amount and diversity of personally identifiable information [6]. Personal Identifiable Information (PII) can be defined as any piece of information related to a uniquely identifiable individual [7]. In practice, however, any piece of information can be transformed into personal identifiable information [6]. The mobile health monitoring system offers a tremendous opportunity to intruders to lay their hands on a large quantity of information which could be used to ultimately identify the corresponding individual. This calls for the utmost attention as an intruder may be able to identify the corresponding individual using such sensitive information [8], [9]. Conventional anonymization techniques have been used to handle the privacy issues. K-anonymity and l-diversity are instances of such anonymization techniques. It has been shown that such techniques are not sufficient to completely prevent re-identification [6]. It is our ardent belief that the proposed CPLM will not only serve as a feasible solution to the privacy related problems in a mobile health care system but also will serve as an alternative solution for privacy-sensitive users.

To address security and privacy, cryptography is a viable solution. While using cryptographic techniques, one significant problem that needs to be taken into consideration is the increased computational complexity. In the cloud computing environment, discretion calls for shifting intensive computations to the cloud servers from the mobile devices, where resources are constrained. To successfully shift the computations from the mobile devices to the cloud server without compromising privacy and security is challenging and calls for a thorough investigation. The CPLM design emphasizes insider attacks. Such attacks could be carried out by insiders either with a malicious or a benign intent. It is very important to design a privacy shielding mechanism to counteract the insider attacks without failing to maintain equilibrium between implementing privacy constraints and maintaining the normal operations of the mobile health systems.

The problem is aggravated in the case of cloud facilitated mobile health systems, as it is essential not only to ensure that the privacy of the clients' data is shielded but also to ensure that the results are shielded from the cloud servers as well as from the health care service providers, aka the companies. The CPLM scheme enables the health care service provider, aka the company, to be offline after the initial stage and ensures that the data or programs are delivered to the cloud securely. The outsourcing decryption technique [10] is incorporated into the multi-dimensional range queries system in order to shift the computational complexity from the client to the cloud server. The proxy re-encryption scheme ensures that the computational complexity is shifted to the cloud from the company, as the company has to perform encryption only once.

2nd INTERNATIONAL CONFERENCE ON CURRENT TRENDS IN ENGINEERING RESEARCH 123
www.iaetsd.in
II. SYSTEM MODEL

The Cloud facilitated Privacy Shielding Leakage Resilient Mobile Health Monitoring system (CPLM) comprises four parties: the cloud server, aka the cloud; the health care service provider which provides the mobile health monitoring service, aka the company; the clients; and a semi trusted authority (STA). The monitoring data or program is encrypted prior to its storage in the cloud server. The clients collect their personal medical data and the data is stored in their mobile devices. The data is then transformed into tokens. The transformed tokens are delivered as inputs to the encrypted monitoring program stored in the cloud server through a mobile device. The responsibility of generating and distributing tokens or private keys lies with a semi trusted authority. The STA collects a service fee from the clients as per a business model, for instance the pay-as-you-go business model. The STA can be considered as a confederate or an ally for a company or multiple companies. The company and the STA can connive to obtain personal health data from the client tokens or input vectors. In this CPLM design it is assumed that the cloud server is neutral; in other words, it is assumed that the cloud does not connive with the company or a client to cause damage to the other side. It is still possible for the cloud to connive with the other entities of the CPLM such as the STA, and this is left for future consideration. It is also assumed that an individual client doesn't connive with other clients.

CPLM involves four major phases: SecParam, Setup, Store, TokenGen and Query. To start with, the cloud server determines the rate at which the Police VM is scheduled based on the inputs from the clients and the company. At the initialization step, the STA runs the Setup phase, which results in the publishing of the system parameters. The next phase corresponds to the Store algorithm, in which the mobile health monitoring program is expressed as a branching program. The branching program is encrypted. The resulting cipher text and the company index are delivered to the cloud by the company. When a client wants to access the cloud for a mobile health monitoring program, the j-th client in collaboration with the STA runs the TokenGen algorithm. The j-th client sends the company index and the private query input to the STA; the STA in turn inputs its master secret key to the algorithm. This results in the generation of tokens which are supplied to the client. In this entire process, the STA doesn't obtain any nontrivial information about the submitted query. During the final phase, the tokens are delivered by the client to the cloud, which in turn runs the Query phase. A major chunk of the computationally intensive task of decryption is performed by the client and the partially decrypted text is returned to the client. The client decrypts the partially decrypted text to obtain the decryption result. During the entire process the cloud can deduce no significant information on either the clients' private query or the decryption result. The CPLM also prevents the cloud from obtaining significant information from either the clients' private query or from the information received from the client.

III. SOME PRELIMINARIES AND BUILDING BLOCKS
A. Bilinear Maps
Pairing is one of the building blocks of the CPLM design. An efficiently computable, non-degenerate function $e: G \times G \to G_T$ which satisfies the bilinearity property defines a pairing. The bilinearity property states that $e(g^p, g^q) = e(g, g)^{pq}$ for any $p, q \in Z_q^*$. $Z_q^*$ is a finite field modulo q, and G and $G_T$ are multiplicative groups of prime order q generated by g and e(g, g) respectively.
B. Branching Program
A binary branching program is a triplet $(\{m_1, \ldots, m_k\}, L, R)$. The first element of the triplet is a set of nodes in the binary branching tree. The internal nodes represent the intermediate decision nodes while the leaf nodes represent the label nodes. A decision node is represented as an attribute-threshold pair $(a_i, t_i)$, where $a_i$ represents the attribute index and $t_i$ represents the threshold value. The attribute value supplied by the client, $v_{a_i}$, is compared with the threshold value $t_i$. At each decision node i, if $v_{a_i} \le t_i$ then L(i) becomes the index of the next node. If $v_{a_i} > t_i$ then R(i) becomes the index of the next node. The label nodes contain classification information. The nodes are traversed starting from the root node by comparing the value supplied by the client with the threshold value until one of the label nodes is reached.

C. Homomorphic Encryption
In CPLM, an additive homomorphic public-key encryption technique is used. In homomorphic encryption, if HE(p) and HE(q) are two encrypted messages, then the encryption of the addition of the two messages is obtained as $HE(p+q) = HE(p) * HE(q)$, where $*$ is an operation in the cipher text space. In CPLM homomorphic encryption is used to obtain tokens corresponding to the client attribute vector.

D. MDRQs Based Anonymous IBE
Shi et al. [12] first proposed Multi-Dimensional Range Queries (MDRQs). In the MDRQ system the sender encrypts a message using a range $[er_1, er_2]$ or a C-bit data v. A receiver with a private key which corresponds to the range $[er_1, er_2]$ or the C-bit data v can decrypt the message. The encrypted cipher text protects not only the privacy of the message but also the range or the data under which the message is encrypted. In MDRQs, a C-level binary tree is constructed to represent the C-bit data or the range. The root of the C-level binary tree is labelled as ⊥. The left child node of an internal node s is labelled as s0 and the right child node is labelled as s1. The leaf nodes from the left to the right will be labelled with a string from 0, 0, · · · , 0 to 1, 1, · · · , 1, corresponding to all the possible C-bit data.

E. Decryption Outsourcing
Pairing-based IBE systems [11] and attribute-based encryption systems [13], [14] are well known for their expensive decryption workload. Decryption Outsourcing is used to decrease the computational complexity. It allows a client to convert his secret key to a transformation key. The transformation key is then delegated to an untrusted server, which in turn uses it to convert the original cipher text to an ElGamal encryption of the original message. The advantage is that the client only has to perform simple exponentiation operations to obtain the decrypted message. CPLM applies the outsourcing decryption technique with MDRQs based on the BF-IBE scheme. The advantage of the above scheme is that the client has to perform only one exponentiation to obtain the original message. The STA deduces no useful information on the client's identity id. The cloud also cannot deduce any useful information regarding the client identity id.

F. Proxy Re-Encryption (PRE)
The CPLM design also uses proxy re-encryption (PRE). It was first proposed by Blaze et al. [15]. Ateniese et al. formalized it [16]. PRE enables an untrusted proxy server holding a re-encryption key (rekey) $rk_{A \to B}$ to convert a first level cipher text into a second level cipher text without allowing the proxy to deduce any useful information about the message. In the CPLM scheme two relevant properties are emphasized: the first is unidirectionality and the second is key privateness. Unidirectionality implies that the delegation from A → B does not allow delegation from B → A. Key privateness means that given the re-encryption key $rk_{A \to B}$, the proxy obtains no information on either the delegator identity or the delegatee identity. In CPLM, the company delivers the health monitoring program, which is encrypted using MDRQs, to the untrusted cloud. The company also delivers many re-encryption keys along with the cipher text to the cloud. The key private property ensures that no useful information about the underlying identities, corresponding to the thresholds of the internal decision nodes, is leaked to the cloud. PRE aids by reducing the encryption workload for the company. It should be ensured that the computation of the rekey generation is less than that of the first level encryption in PRE.

G. Virtual Machine Policing
Sharing of resources among processes is a major contributor to side channel attacks. One of the major objectives of using cloud computing is to share resources, which calls for co-residence of virtual machines in a cloud computing environment. In Virtual Machine Policing [17], the cloud server creates special virtual machines which are then launched by a physical host according to a police virtual machine scheduling policy. The attacking VM is then confused by the police VMs. This is done by running some clean up or resource sharing instructions. A police virtual machine is a VM which is launched by a physical host. Its responsibilities are to prevent and to handle the side channel attacks. A police VM consists of zero or more counter attack (CA) units as shown in Fig. 1. Each CA unit is a software component which handles the responsibility of preventing and handling a specific category of side channel attacks. Such CA units are installed dynamically depending on the situational need. The number of Police VMs executing and their scheduling policy are dictated by a number of factors such as the cloud server's load, special security requests of the client and performance requirements of the cloud server.
Fig. 1 Police VM (a Police VM containing CA unit 1, CA unit 2, CA unit 3, …)

IV. CPLM DESIGN

The system time is divided into time slots. Each time slot can range from a week to a month. It is assumed that a maximum of N users can access the monitoring program during a given slot. Whenever a client tries to access a monitoring program, it is assigned an index i by the STA, where $i \in [1, N]$. CPLM with an efficient Privacy Shield reduces not only the computational burden on the company but also the communication overhead for the cloud. As shown in Fig. 2, the high level idea is as follows. A key private re-encryption scheme is employed as an underlying tool. The company produces a single set of cipher text and delivers it to the cloud, instead of generating a cipher text for each client. The company then obliviously delivers the identity threshold representation sets to the STA for the thresholds of the decisional branching nodes and the indices of the concerned attributes, so that the STA can produce the re-encryption keys corresponding to the rest of the clients in the system by making use of the key private re-encryption scheme. The produced re-encryption keys are then distributed to the cloud. The cloud then runs the re-encryption scheme using the rekeys and the single set of cipher text delivered by the company to produce the cipher texts for the rest of the clients. The key private re-encryption scheme assimilates the outsourcing decryption to ensure that the CPLM scheme incorporates security and efficiency characteristics. As a result of the decryption algorithm of the proxy re-encryption scheme, the interactions between clients and the cloud are also decreased. CPLM with an efficient Privacy Shield consists of the following five steps.

SecParam: This step is performed by the cloud server by taking into consideration the security parameters provided by the client. If the client opts for a special security request, the regular VM and the Police VM are scheduled alternately. If the performance of the VM is a priority and the number of clients accessing the monitoring program is less than 300, the police VM is scheduled after ten regular VMs. If the number of clients accessing is between 300 and 600, the police VM is scheduled after 15 regular VMs; else it is scheduled after 20 regular VMs. If the performance of the VM is not a priority, then the police VM is scheduled after 15, 20, 30 regular VMs for the above corresponding range of clients accessing the monitoring program.

Setup: This step is performed by the STA. The STA takes as input the security parameter $1^\lambda$, and outputs the system parameter $SP = (G, G_T, q, g, H_i, i = 1, 2, 3, 4, 5)$ and the key pair for the STA $(pk, msk) = (y, s) = (g^s, s)$. G and $G_T$ are bilinear groups of prime order q, g represents a random primitive root in G, and $H_i$ ($i \in \{1, 2, 3, 4, 5\}$) represents cryptographic hash functions $H_1: \{0,1\}^* \to G$, $H_2: G \times G \to Z_q^*$, $H_3: M \times M \to Z_q^*$, $H_4: G_T \to M \times M$, and $H_5: G \times M \times M \to G$. The system parameter is included in the following steps implicitly.

Store: This step is performed by the company. Let $PRF(s_0, i)$ and $PRF(s_1, i)$ denote two pseudo-random functions. They take as inputs a secret key $s_j$, $j \in \{0, 1\}$, and an $i$, and are defined by $PRF: \{0,1\}^\lambda \times [1, N \cdot k] \to \{0,1\}^{C+C'}$, where N represents the maximum number of the clients accessing the company's monitoring program in a particular time slot. For $j \in [1, k]$, the company computes the identity representation sets $S_{[0;\,t_j+\delta_{ij}]}$ and $S_{[t_j+\delta_{ij}+1;\,Max']}$, where $\delta^{(0)}_{ij} = PRF(s_0, (i-1) \cdot k + j)$, $\delta^{(1)}_{ij} = PRF(s_1, (i-1) \cdot k + j)$ and $\delta_{ij} = \delta^{(1)}_{ij} + \delta^{(0)}_{ij}$, with $j \in [1, k]$. Let Q represent a random permutation of the set $[1, k] = (1, 2, \cdots, k)$ where $Q[1] = 1$. The company distributes $PRF(s_0, \cdot)$, $\{t_j + \delta_{ij}, a_j \mid i \in [1, N], j \in [1, k]\}$ and the random permutation Q to the STA. The STA computes the identity representation set. For $j \in [1, k]$, the STA runs the ReKey($id_1$, $id_2$, msk) algorithm on the identities $id_1 \in S_{[0;\,t_j+\delta_{ij}]}$ and $id_2 \in S_{[0;\,t_j+\delta_{(i+1)j}]}$, or the identities $id_1 \in S_{[t_j+\delta_{ij}+1;\,Max']}$ and $id_2 \in S_{[t_j+\delta_{(i+1)j}+1;\,Max']}$. The STA then delivers all the generated re-encryption keys according to the permuted order to the cloud. The ReKey algorithm is as follows.

ReKey($id_1$, $id_2$, msk): This algorithm is performed by the STA. When a delegator D receives a request of re-encryption from $id_1$ to $id_2$, it first executes the Ext algorithm on $id_2$ to produce $sk_{id_2}$. Then it outputs the re-encryption key from $id_1$ to $id_2$: $rk_{id_1;id_2} = (rk^{(1)}_{id_1;id_2}, rk^{(2)}_{id_1;id_2}) = (H_1(id_1)^s \cdot g^{H_2(sk_{id_2} \| N_{id_1;id_2})}, N_{id_1;id_2})$, where $N_{id_1;id_2}$ is a random element from G. The Ext algorithm works as follows.

Ext(id, msk): This algorithm is performed by the STA and a client. Upon receiving an identity id as input, the client first selects a random number $z \in Z_q^*$, computes the value $u_1 = H_1(id)^z$ and sends it to the STA. The STA outputs the transformation key corresponding to the identity id: $u_2 = u_1^s$, where $s = msk$, and delivers it back to the client. Then the client calculates his private key $sk_{id} = u_2^{1/z} = H_1(id)^{z s z^{-1}} = H_1(id)^s$. It is to be noted that the STA deduces no information on the client's identity, as $H_1(id)^z$ is just a random group element under a random oracle model.

Starting with the node $p_1$, the company chooses two symmetric keys $k_{Q[L(j)]}$ and $k_{Q[R(j)]}$ for each decision node $p_j$ whose children are internal nodes. Then, it executes the encryption algorithm $Enc(id_1, k_{Q[L(j)]} \| Q[L(j)])$ and $Enc(id_2, k_{Q[R(j)]} \| Q[R(j)])$, where the identity $id_1 \in S_{[0;\,t_j+\delta_{ij}]}$ and the identity $id_2 \in S_{[t_j+\delta_{ij}+1;\,Max']}$, respectively, in order to produce two cipher text sets $C_{Q[L(j)]}$ and $C_{Q[R(j)]}$. Let $TC_j$ be represented by $\{C_{Q[L(j)]}, C_{Q[R(j)]}\}$. The cipher texts $TC_{Q[L(j)]}$ and $TC_{Q[R(j)]}$ are encrypted using $k_{Q[L(j)]}$ and $k_{Q[R(j)]}$ for the two child nodes, using a semantically secure symmetric key encryption scheme. When $p_j$ represents the parent node of the leaf nodes, the information attached to the two leaf nodes is encrypted using the two symmetric keys.
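The blinding algebra of the Ext algorithm described above, as an added example that is not code from the paper. It assumes a toy prime-order subgroup of integers modulo p in place of the pairing group G, a SHA-256 based stand-in for $H_1$, and constructed identity strings; the function names are hypothetical.

```python
import hashlib
import secrets

# Toy group (constructed, far too small for real use): p = 2q + 1 with p, q
# prime, so the squares modulo p form a subgroup of prime order q. It stands
# in for the pairing group G only to show the blinding algebra of Ext.
P = 2039
Q = 1019


def h1(identity: str) -> int:
    """Stand-in for H1: hash an identity to a non-identity subgroup element."""
    counter = 0
    while True:
        digest = hashlib.sha256(f"{identity}|{counter}".encode()).digest()
        elem = pow(int.from_bytes(digest, "big") % P, 2, P)
        if elem not in (0, 1):
            return elem
        counter += 1


def client_blind(identity: str):
    """Client step: pick z in Z_q^* and send u1 = H1(id)^z to the STA."""
    z = secrets.randbelow(Q - 1) + 1
    return z, pow(h1(identity), z, P)


def sta_sign(u1: int, msk: int) -> int:
    """STA step: u2 = u1^s, computed without ever seeing the identity."""
    return pow(u1, msk, P)


def client_unblind(u2: int, z: int) -> int:
    """Client step: sk_id = u2^(1/z) = H1(id)^s, exponents taken modulo q."""
    return pow(u2, pow(z, -1, Q), P)


def direct_key(identity: str, msk: int) -> int:
    """What an unblinded extraction would return: H1(id)^s."""
    return pow(h1(identity), msk, P)


def explaining_exponent(identity: str, u1: int):
    """Brute-force a z with H1(identity)^z == u1 (feasible only in the toy group).

    A solution exists for every identity, which is why the value the STA
    receives carries no information about which identity was requested.
    """
    base, acc = h1(identity), 1
    for z in range(1, Q):
        acc = acc * base % P
        if acc == u1:
            return z
    return None


if __name__ == "__main__":
    msk = 777                               # constructed master secret key
    z, u1 = client_blind("0101")            # constructed identity label
    sk = client_unblind(sta_sign(u1, msk), z)
    print(sk == direct_key("0101", msk))
    print(explaining_exponent("1110", u1) is not None)
```
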
The company then distributes the resulting cipher texts and $\delta^{(1)}_{ij}$ to the cloud. The cipher texts for each node are aligned to the permuted order Q[j] in the cloud. The Enc algorithm works as follows.

Enc(id, m): This algorithm is run by the company. Upon the input of a message $m \in M$ and an identity id, the company outputs the ciphertext $C = (c_1, c_2, c_3)$, where $r = H_3(m \| \sigma)$, $c_1 = g^r$, $c_2 = (\sigma \| m) \oplus H_4(e(H_1(id), y)^r)$ and $c_3 = H_5(c_1 \| c_2)^r$, $\sigma$ being a random element from M, the message space.

For $i \in [1, N]$, the cloud produces the cipher texts corresponding to the i-th client as follows: starting with the node $p_1$, the cloud executes the ReEnc($C_{id_1}$, $rk_{id_1;id_2}$) algorithm to re-encrypt the cipher texts by making use of the rekey from the STA with identity $id_1 \in S_{[0;\,t_j+\delta_{ij}]}$ and identity $id_2 \in S_{[0;\,t_j+\delta_{(i+1)j}]}$, or identity $id_1 \in S_{[t_j+\delta_{ij}+1;\,Max']}$ and identity $id_2 \in S_{[t_j+\delta_{(i+1)j}+1;\,Max']}$. The set of cipher text sets for the i-th client is a concatenation of the resulting public key cipher texts and the original symmetric key cipher texts. The ReEnc algorithm works as follows.

ReEnc($C_{id_1}$, $rk_{id_1;id_2}$): This algorithm is run by the proxy server. It takes as inputs an original cipher text $C_{id_1} = (c_1, c_2, c_3)$ under the identity $id_1$, and a re-encryption key from $id_1$ to $id_2$, $rk_{id_1;id_2}$. If the equality $e(c_1, H_5(c_1 \| c_2)) = e(g, c_3)$ holds, then the algorithm outputs the re-encrypted cipher text $C_{id_2} = (c'_1, c_2, c'_3, c_4)$ where $c'_1 = e(g, c_1)$, $c'_3 = e(c_1, rk^{(1)}_{id_1;id_2})$, and $c_4 = rk^{(2)}_{id_1;id_2}$. If the above equality doesn't hold, it outputs ⊥.

TokenGen: The process of generating a private key for the attribute vector $v = (v_1, \cdots, v_n)$ is initiated when the i-th client first produces a public/private key pair of a homomorphic encryption scheme. The public key and the value $HEnc(v_j)$ are then sent to the STA. The STA computes the value $HEnc(v_{a_j} + \delta^{(0)}_{ij})$ from the values $HEnc(\delta^{(0)}_{ij})$ and $HEnc(v_{a_j})$. Then the STA permutes the resulting cipher text according to Q and sends the permuted cipher text according to the order of $Q[a_j]$, where $j \in [1, k]$, to the cloud. The cloud will then return the value $HEnc(v_{a_j} + \delta^{(0)}_{ij} + \delta^{(1)}_{ij}) = HEnc(v_{a_j} + \delta_{ij})$ to the client. The client then decrypts the returned cipher text and obtains $v_{a_j} + \delta_{ij}$ for $j \in [1, k]$. The client then computes the identity representation set $S_{v_{a_j}+\delta_{ij}}$ for each value. For every identity $id \in S_{v_{a_j}+\delta_{ij}}$, the client executes the Ext(id, msk) algorithm with the STA to produce the transformation key. The transformation key is directly delivered to the cloud.
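The TokenGen blinding and the identity-set matching it enables, as an added example that is not code from the paper. It assumes Paillier with toy primes as the additive homomorphic scheme (the page does not name one), the usual minimal tree cover as the identity representation set of a range, and a constructed two-attribute branching program; set intersection stands in for holding an IBE key for an identity a cipher text was encrypted under, and the permutation Q is left out.

```python
import math
import secrets

BITS = 10                # depth C of the identity tree (constructed value)
MAX = 2**BITS - 1        # plays the role of Max'


class ToyPaillier:
    """Additive homomorphic encryption, toy primes (assumed scheme, insecure size)."""

    def __init__(self, p=1009, q=1013):
        self.n, self.n2 = p * q, (p * q) ** 2
        self.lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
        self.mu = pow(self.lam, -1, self.n)

    def enc(self, m):      # uses only the public modulus n
        r = secrets.randbelow(self.n - 2) + 2
        while math.gcd(r, self.n) != 1:
            r = secrets.randbelow(self.n - 2) + 2
        return (1 + m * self.n) * pow(r, self.n, self.n2) % self.n2

    def add(self, c1, c2):  # HE(p + q) = HE(p) * HE(q)
        return c1 * c2 % self.n2

    def dec(self, c):      # uses the private values lam and mu
        return (pow(c, self.lam, self.n2) - 1) // self.n * self.mu % self.n


def token_gen(he, v, delta0, delta1):
    """Client -> STA -> cloud -> client: the client learns only v + delta."""
    c = he.enc(v)                    # client encrypts its attribute value
    c = he.add(c, he.enc(delta0))    # STA adds delta^(0) without seeing v
    c = he.add(c, he.enc(delta1))    # cloud adds delta^(1)
    return he.dec(c)                 # only the client holds the private key


def point_ids(v, bits=BITS):
    """Identity set of a value: labels of all nodes on its root-to-leaf path."""
    s = format(v, f"0{bits}b")
    return {s[:i] for i in range(bits + 1)}     # "" is the root


def range_ids(lo, hi, bits=BITS):
    """Identity set of [lo, hi]: minimal set of tree nodes covering the range."""
    out = set()

    def walk(prefix, node_lo, node_hi):
        if hi < node_lo or node_hi < lo:
            return
        if lo <= node_lo and node_hi <= hi:
            out.add(prefix)
            return
        mid = (node_lo + node_hi) // 2
        walk(prefix + "0", node_lo, mid)
        walk(prefix + "1", mid + 1, node_hi)

    walk("", 0, 2**bits - 1)
    return out


# Constructed program: attribute 0 = systolic pressure, attribute 1 = glucose.
PROGRAM = {
    1: {"attr": 0, "t": 130, "L": 2, "R": 3},
    2: {"attr": 1, "t": 140, "L": "normal", "R": "check glucose"},
    3: {"attr": 1, "t": 140, "L": "check pressure", "R": "see a doctor"},
}


def evaluate_plain(program, values):
    """Reference traversal on unblinded values and thresholds."""
    node = 1
    while isinstance(node, int):
        n = program[node]
        node = n["L"] if values[n["attr"]] <= n["t"] else n["R"]
    return node


def evaluate_blinded(program, blinded, deltas):
    """Traversal that only ever compares identity sets of blinded numbers."""
    node = 1
    while isinstance(node, int):
        n, keys = program[node], point_ids(blinded[node])
        left = bool(keys & range_ids(0, n["t"] + deltas[node]))
        right = bool(keys & range_ids(n["t"] + deltas[node] + 1, MAX))
        if left == right:
            raise ValueError("exactly one branch must be decryptable")
        node = n["L"] if left else n["R"]
    return node


def run(values, program=PROGRAM):
    he = ToyPaillier()
    deltas, blinded = {}, {}
    for j, n in program.items():
        d0, d1 = secrets.randbelow(256), secrets.randbelow(256)
        deltas[j] = d0 + d1                 # delta = delta^(0) + delta^(1)
        blinded[j] = token_gen(he, values[n["attr"]], d0, d1)
    return evaluate_blinded(program, blinded, deltas)


if __name__ == "__main__":
    print(run([128, 150]))
```

Because the same δ is added to both the client value and the threshold, the comparison result is unchanged, while the STA and the cloud each see only cipher texts and one share of δ.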
Fig. 2 CPLM with an efficient Privacy Shield (parties: Company, STA, Client, Cloud Server; flows: randomness data, attribute, tokens, re-keys, encrypted branching program, re-encrypted branching program, outsourcing decryption algorithm, decrypted label)

Query: The client's index i is delivered by the client to the cloud. The cloud will then return the respective cipher text. The client can either opt to download all the cipher texts and the transformation key and perform the rest of the decryption steps, or start executing the Dec($sk_{id}$, $C_{id}$) algorithm, where the identity $id \in S_{[0;\,t_1+\delta_{i1}]}$ or $S_{[t_1+\delta_{i1}+1;\,Max']}$, in order to decrypt from the node $p_1$ and then download the cipher text along with the transformation key for the subsequent node based on the decryption result. If the client chooses the latter approach, then only the cipher text that corresponds to a path from the root node to a leaf node needs to be accessed, instead of cipher texts for all nodes in the binary branching tree. However, in this entire process, the client needs to access the cloud multiple times, which is directly proportional to the length of the path. The cloud need not make any computations during its interaction with the client, as the client is capable of completing all the necessary decryption steps on its own. The client does not have to compute any bilinear map, as the bilinear operation has already been done by the cloud owing to the pre-processing step in the ReEnc($C_{id_1}$, $rk_{id_1;id_2}$) algorithm.

The Dec algorithm works as follows. Dec($sk_{id}$, $C_{id}$): This algorithm is executed by a client. It takes as inputs a cipher text $C_{id}$ under id, along with a private key $sk_{id}$.
1) If $C_{id}$ represents an original cipher text $(c_1, c_2, c_3)$, calculate the value $c_2 \oplus H_4(e(sk_{id}, c_1)) = (\sigma \| m) \oplus H_4(e(H_1(id), y)^r) \oplus H_4(e(H_1(id)^s, g^r)) = \sigma \| m$. If $c_1 = g^{H_3(\sigma \| m)}$ and $c_3 = H_5(c_1 \| c_2)^{H_3(\sigma \| m)}$ both hold, it outputs m; otherwise it outputs ⊥.
2) If $C_{id}$ represents a re-encrypted cipher text $(c'_1, c_2, c'_3, c_4)$, calculate the value $H_4\big(c'_3 / {c'_1}^{H_2(sk_{id'} \| c_4)}\big) \oplus c_2 = H_4\big(e(y, H_1(id)^r) \cdot e(g, g)^{r \cdot H_2(sk_{id'} \| N_{id;id'})} / (e(g, g)^r)^{H_2(sk_{id'} \| N_{id;id'})}\big) \oplus (\sigma \| m) \oplus H_4(e(H_1(id), y)^r) = \sigma \| m$. If $c'_1 = e(g, g)^{H_3(\sigma \| m)}$ holds, it outputs m; otherwise, it outputs ⊥.
V. Conclusion

CPLM is a cloud facilitated privacy shielding leakage resilient mobile health monitoring system, which can effectively shield not only the privacy of the clients but also the intellectual property of the mobile health service providers. In order to shield the privacy of the clients, the anonymous Boneh-Franklin identity based encryption (BF-IBE) has been applied in the medical diagnostic branching programs. As the IBE comes with a high decryption complexity, decryption outsourcing has been applied to shift the computation complexity from the clients to the cloud server, thus resulting in a reduction in the decryption complexity. The branching program tree has been extended by using random permutations and by randomizing the thresholds at the branching nodes in order to shield the health service providers' monitoring programs. In order to enable and motivate small health care service providers, for whom resource constraint is a major problem, the CPLM design provides a way of shifting the computational burden to the cloud server by applying the key private proxy re-encryption technique. The side channel attacks are effectively prevented and handled by using VM policing. The CPLM scheme has been shown to achieve the design goals.
References
[1] P. Mohan, D. Marin, S. Sultan, and A. Deen, “Medinet: personalizing the self-care process for patients with diabetes and cardiovascular disease using mobile telephony,” Conference Proceedings of the International Conference of IEEE Engineering in Medicine and Biology Society, vol. 2008, no. 3, pp. 755–758. [Online]. Available: http://www.ncbi.nlm.nih.gov/pubmed/19162765
[2] L. Ponemon Institute, “Americans’ opinions on healthcare privacy,” 2010. Available: http://tinyurl.com/4atsdlj
[3] A. V. Dhukaram, C. Baber, L. Elloumi, B.-J. van Beijnum, and P. D. Stefanis, “End-user perception towards pervasive cardiac healthcare services: Benefits, acceptance, adoption, risks, security, privacy and trust,” in PervasiveHealth, 2011, pp. 478–484.
[4] N. Singer, “When 2+ 2 equals a privacy question,” New York Times, 2009.
[5] E. B. Fernandez, “Security in data intensive computing systems,” in Handbook of Data Intensive Computing, 2011, pp. 447–466.
[6] A. Narayanan and V. Shmatikov, “Myths and fallacies of personally identifiable information,” Communications of the ACM, vol. 53, no. 6, pp. 24–26, 2010.
[7] A. Cavoukian, A. Fisher, S. Killen, and D. Hoffman, “Remote home health care technologies: how to ensure privacy? build it in: Privacy by design,” Identity in the Information Society, vol. 3, no. 2, pp. 363–378, 2010.
[8] X. Zhou, B. Peng, Y. Li, Y. Chen, H. Tang, and X. Wang, “To release or not to release: evaluating information leaks in aggregate human-genome data,” Computer Security–ESORICS 2011, pp. 607–627, 2011.
[9] R. Wang, Y. Li, X. Wang, H. Tang, and X. Zhou, “Learning your identity and disease from research papers: information leaks in genome wide association study,” in Proceedings of the 16th ACM conference on Computer and communications security. ACM, 2009, pp. 534–544.
[10] M. Green, S. Hohenberger, and B. Waters, “Outsourcing the decryption of abe ciphertexts,” in Usenix Security, 2011.
[11] D. Boneh and M. K. Franklin, “Identity-based encryption from the weil pairing,” in CRYPTO, 2001, pp. 213–229.
[12] E. Shi, J. Bethencourt, H. T.-H. Chan, D. X. Song, and A. Perrig, “Multidimensional range query over encrypted data,” in IEEE Symposium on Security and Privacy, 2007, pp. 350–364.
[13] A. Sahai and B. Waters, “Fuzzy identity-based encryption,” in EUROCRYPT, 2005, pp. 457–473.
[14] V. Goyal, O. Pandey, A. Sahai, and B. Waters, “Attribute-based encryption for fine-grained access control of encrypted data,” in ACM Conference on Computer and Communications Security, 2006, pp. 89–98.
[15] M. Blaze, G. Bleumer, and M. Strauss, “Divertible protocols and atomic proxy cryptography,” in EUROCRYPT, 1998, pp. 127–144.
[16] G. Ateniese, K. Fu, M. Green, and S. Hohenberger, “Improved proxy reencryption schemes with applications to secure distributed storage,” ACM Trans. Inf. Syst. Secur., vol. 9, no. 1, pp. 1–30, 2006.
[17] Tzong-An Su, “A mechanism to prevent side channel attacks in cloud computing environments”.