International Journal of Computer Trends and Technology (IJCTT) – volume 8 number 1– Feb 2014
Secure Health Information Exchanging in Cluster Computing Satish Garigipati1, Manoj Kumar Gottimukala2 1
2
CSE, MRCET, India Assistant Professor, CSE, MRCET, India
Abstract--Cloud computing has emerged as a technology that exhibits new model of computing. It has become a solution for individuals and organizations for outsourcing data. The cloud services are rendered in pay per use fashion that gets rid of the need for capital investment. Enterprises that need huge storage facility such as a data centre are moving their data to cloud storage service. With respect to health care domain huge amount of data is being produced every day. Out of the Personal Health Records (PHRs) is the model that contains patients’ health related information. This kind of data is very huge and needs to be outsourced. This data is very sensitive when compared with data of other domains. It is essential that the data is controlled by patients or the owners. Thus patient centric storage and retrieval has become a requirement. In order to achieve this with good security measure PHR of a patient is encrypted before that is outsourced to cloud. However, there are many concerns in people about cloud computing and its security especially. For this reason secure and scalable solution is required. Recently Li et al. proposed a solution to this problem. There scheme is named “Multi-Authority Attribute Based Encryption” which will encrypt the data based on attributes before being outsourced. This scheme is scalable and provides sharing of data simultaneously for multiple users. In this paper we implement the scheme proposed by Li et al. and our experimental results reveal that the scheme is very effective and can be used in the real world.
Index Terms –Cloud computing, attribute based encryption, PHR, storage security
I.
INTRODUCTION
In health care domain the data is modelled in the form of PHR (Personal Health Record) which facilitates the patient centric way of storing and retrieval of data. With this model patients are given full control over their PHRs and they can share it selectively to friends and relatives. Moreover they can give access to the users based on the attributes. It does mean that the PHR owner will have the provision to share data with constraints. PHR owner can determine the privileges that are granted to
ISSN: 2231-2803
friends or relatives while providing access to the data. Cloud computing has become a good solution for outsourcing such data. Many techniques came into existence recently in order to outsource data to cloud, especially PHR data [2], [1]. The existing frameworks to share PHR could not address all the security problems that might arise. More over patient centric mechanisms were not satisfactory. In order to ensure it, some regulations came into existence. For instance HIPPA is an example for healthcare regulations [3]. The data which is in the form of PHR are very sensitive as they contain patients’ information. Therefore integrity of such data and the access to all eligible groups of people without compromising security is a challenging task. There was an incident in the history which reports that 26.5 billion records of military veterans were lost [4]. Access control which is fine grained is very essential for controlling PHRs. Such data is essentially stored in a distributed environment. The fine grained access control is very important as the servers who store data are considered semi – trusted. The best solution to this is to secure PHRs before sending them to cloud. The cloud data owner has to be making certain decisions pertaining to encryption and other techniques. The owner of PHR encrypts it before outsourcing to cloud. Later on the people who have rights to access such data can obtain it and use it as per the privileges on various parts of the data. Not only in granting rights to other users is the job of PHR owner but he can also revoke the privileges that have been granted for any reasons [5]. PHR owners are many and they can grant access to their data based on the attributes and they are encrypted. This is known as attributed based encryption where cryptographic primitives are used for achieving this [7], [6]. The users of PHRs can gain permissions from PHR owners in order to gain access to the required data. There is another way of accessing PHRs. The use of CA (Certified Authority) with good key management scheme can be used in order to provide parallel access to PHR records. This paper is based on the Attributed Based Encryption (ABE) which is used to encrypt data before outsourcing it. The fined grained access control is based on the attributes and certain privileges. However, the emergency staffs is granted break-glass security in
http://www.ijcttjournal.org
Page1
International Journal of Computer Trends and Technology (IJCTT) – volume 8 number 1– Feb 2014
which case, they can access the PHR data in emergency situations without the need for permission granted by patients or other authorities. Our contributions in this paper are as follows. 1. We built a framework that is based on MAABE which is basically patient centric where patients have full control over their data. 2. Fine grained access control is flexible and can provide secure access to right people with right privileges. The remainder of the paper is structured as follows. Section II provides review of literature. Section III provides a schematic overview of the proposed architecture. Section IV presents prototype implementation details. Section V presents experimental results while section VI concludes the paper.
II.
III.
OVERVIEW
OF
PROPOSED
SCHEME In this paper we have adapted a scheme for secure outsourcing of PHR. The scheme has been made in [4] originally that helps in secure outsourcing of PHRs. The proposed scheme is knwon as multi-authority based attribute based encryption. Figure 1 shows the overview of the system.
PRIOR WORKS
Many systems came into existence that providessecure storage facilities to data. However, in healthcare domain, it is essential to outsource data with complete security as the data is very sensitive in nature. Cryptography has been around for securing data. In this paper ABE is used to achieve this. Attribute is basically a group of attributes which are related. This will help in making fine grained access control. The public key mechanismsthat are used in the real world are not very useful with PHR systems as they cause much overhead. Sharing a set of fields (attribute) has very important utility in fine grained access control in the real world. Kay management can be done efficiently with this concept [8]. ABE also ensure that the user collision problem is prevented completely. Many researchers already worked out ABE based security mechanisms [11], [7], [9], and [10]. This usage is more with respect to PHRs in health care domain. Many variants to ABE also came into existence. They are CP-ABE as explored in [13] and [12]. Recently another variant of ABE was proposed by Yuu et al. [7]. This scheme supports revocation of access rights from users to which permissions have been granted. This enables PHR owners to have full control over their data. However, from the implementation perspective, it is very difficult task. There is periodic revocation as well but revoking access rights on – demand is more useful which is ensured in CP-ABE. With complete security for PHRs Li et al. [14] proposed a scheme that is named as Multi-Authority ABE which also supports multiple domains.
Fig. 1 – Schematic overview of the scheme As seen in Figure 1, the PHR data is being accessed by PHR owners, his friends or relatives for whom access rights are bestowed besides public domain people from hospital, insurance, and physician. These public domain users gain access to the PHR as per the privileges given to them. Patients can operate the system online and provide details. They can also determine the other users such as friends, relatives and public users who can gain access to the data of the owners. However, the data owner provides permissions based on the attributes and access rights required by the people. Moreover attribute authorities can have privileges to give permissions on the data to other users as well. There are some emergency users for which “break glass security” is provided as and when required in emergency situations. The security policies used are based on attributes as they are essential means to have fine grained access control. This makes the system robust to controlling data and usage. Attributesas described earlier in this paper are set of fields which are related. For instance personal information such as name, address, email, phone etc. can come under an attribute. Other attributes include medical history, prescriptions, and so on. Every attribute is encrypted before it is sent to cloud. The users who gain access to the application are into private and public domains. In order to ensure the complete security in the system,
ISSN: 2231-2803
http://www.ijcttjournal.org
Page2
International Journal of Computer Trends and Technology (IJCTT) – volume 8 number 1– Feb 2014
many operations are carried out. They include setup, key distribution, break-glass security, policy updates, user revocation, PHR encryption, access and so on. There is a process of generating public key as part of key distribution. Attributes are used to make encryption and access policies which are patient centric. PHR owner has given both provisions such as granting and revoking privileges to friends and relatives. From time to time policy updates are done as per the PBR’s encryption scheme. The break glass security is applied when emergency personnel need PHR details. They are given priority in accessing the PHR data as they need it without conditions. More technical information on this can be found in [14].
IV.
make use of ABE that has been implemented in this paper. The communication takes place in secure fashion.
PROTOTYPE Fig. 3 –ABE and ABD results
IMPLEMENTATION A prototype has been built in order to demonstrate the proof of concepts of the paper. Especially the framework is implemented using Microsoft .NET as development platform. The application is web based and works in distributed environment. Multiple sessions at a time are supported in order to ensure that the system works in multi-user environment. The environment used to build the application is a PC with 2GB RAM, core 2 dual processor running Windows 7 operating system. The platform used to built application is Microsoft .NET. The programming language used is C#. Important features of the application can be viewed in Figure 2 and Figure 3.
As shown in Figure 3, encryption and decryption provisions are made available. Both are related to the securitymechanism which is based on ABE which is proved to be efficient means of security outsourced data. Especially the PHRs of health care domain need secure mechanisms as the data is very sensitive in nature.
V.
EXPERIMENTAL RESUTLS
With the prototype application, many experiments are made. The results obtained from the experiments are compared with other state-of-the-art systems in the literature. The systems with which the results of the proposed work were compared include VFJPS [17], HN [16], RNS [15], BCHL [6], and NGS [12]. The experimental results revealed that the proposed system outperforms all the existing schemes in terms of public key or information size, secret key size, cipher text size and revocation message. The results are presented in Figure 4.
Performance
30 20 10 NGS 0 Fig. 1 – Illustrates Key Generation as part of MAABE system As can be seen in Figure 1, the user interface helps a new user to register him with the system. It does mean that the new users can gain access to PHR data as per the privileges given by the owners of PHRs. Figure provides the interface that can be used to
ISSN: 2231-2803
Fig. 4 –Experimental Results
http://www.ijcttjournal.org
Page3
International Journal of Computer Trends and Technology (IJCTT) – volume 8 number 1– Feb 2014
As seen in Figure 4, the results of our scheme presented in this paper are compared with NGS and RNS. With respect to cipher text size, user secret key size, public key and revocation message, our scheme has better performance.
VI.
accessible but private,” BMJ, vol. 322, no. 7281, p. 283, Feb. 2001. [6] J. Benaloh, M. Chase, E. Horvitz, and K. Lauter, “Patient controlled encryption: ensuring privacy of electronic medical record- s,” in CCSW ’09, 2009, pp. 103–114. [7] S. Yu, C. Wang, K. Ren, and W. Lou, “Achieving secure, scalable, and fine-grained data access control in cloud computing,”
CONCLUSION
In this paper we studied the security for the outsourced PHRs in health care domain. Many systems came into existence in order for secure outsourcing of PHR data to cloud. Since the data is sensitive in nature, it needed more secure mechanism. We implemented a framework that allows secure, fine grained access control in patient – centric fashion. The PHR owners are able to provide attribute based security besides having the provisions to share the data to friends and relatives with fine grained control. Multiple attribute authorities can also exist for public access of data with full control over it. The work has been influenced by the work of Li et al. [14]. The prototype application that has been implemented by us is able to demonstrate the proof of concept. The results revealed that the proposed system is scalable and can securely outsource PHR data to cloud.
in IEEE INFOCOM’10, 2010. [8] M. Li, W. Lou, and K. Ren, “Data security and privacy in wireless body area networks,” IEEE Wireless Communications Magazine, Feb. 2010. [9] A. Boldyreva, V. Goyal, and V. Kumar, “Identity-based encryption with efficient revocation,” in ACM CCS, ser. CCS ’08, 2008, pp. 17–426. [10] L. Ibraimi, M. Petkovic, S. Nikova, P. Hartel, and W. Jonker, “Ciphertext-policy attribute-based threshold decryption with flexible delegation and revocation of user attributes,” 2009. [11] S. Yu, C. Wang, K. Ren, and W. Lou, “Attribute based data sharing with attribute revocation,” in ASIACCS’10, 2010. [12] S. Narayan, M. Gagń , and R. Safavi-Naini, “Privacy preserving e ehr system using attribute-based infrastructure,” ser. CCSW ’10, 2010, pp. 47–52.
REFERENCES
[13] J. Bethencourt, A. Sahai, and B. Waters, “Ciphertext-policy
[1] M. Li, S. Yu, N. Cao, and W. Lou, “Authorized private
attribute-based encryption,” in IEEE S& P ’07, 2007, pp. 321–334.
keyword search over encrypted personal health records in cloud
[14] Ming Li Member, IEEE, Shucheng Yu, Yao Zheng, KuiRen
computing,” in ICDCS ’11, Jun. 2011.
and Wenjing Lou, “Scalable and Secure Sharing of Personal Health
[2] H. Lohr, A.-R.Sadeghi, and M. Winandy, “Securing the e-health
Records in Cloud Computing using Attribute-based Encryption”,
cloud,” in Proceedings of the 1st ACM International Health
IEEE, 2012.
Informatics Symposium, ser. IHI ’10, 2010, pp. 220–229.
[15] S. Ruj, A. Nayak, and I. Stojmenovic, “Dacc: Distributed
[3] “Google, microsoft say hipaa stimulus rule doesn’t apply to
access control in clouds,” in 10th IEEE TrustCom, 2011.
them,” http://www.ihealthbeat.org/Articles/2009/4/8/.
[16] J. Hur and D. K. Noh, “Attribute-based access control with
[4] “At risk of exposure – in the push for electronic medical
efficient
records, concern is growing about how well privacy can be
Transactions on Parallel and Distributed Systems, vol. 99,
safeguarded,” 2006. [Online]. Available:
no.PrePrints, 2010.
http://articles.latimes.com/2006/jun/26/health/he-privacy26
[17] S. D. C. di Vimercati, S. Foresti, S. Jajodia, S. Paraboschi, and
[5] K. D. Mandl, P. Szolovits, and I. S. Kohane, “Public standards
P. Samarati, “Over-encryption: management of access control
and patients’ control: how to keep electronic medical records
evolution on outsourced data,” in VLDB ’07, 2007, pp. 123–134.
ISSN: 2231-2803
revocation
in
data
http://www.ijcttjournal.org
outsourcing
systems,”
Page4
IEEE