International Journal of Application or Innovation in Engineering & Management (IJAIEM)
Web Site: www.ijaiem.org Email: editor@ijaiem.org, editorijaiem@gmail.com
Volume 2, Issue 9, September 2013
ISSN 2319 - 4847
Isolated Distribution of Health Records in
Cloud Computing using Attribute-Based
Encryption
1
1, 2, 3
Satish Pedada, 2Ch.Kodanda Ram, 3Y.Ramesh Kumar
1
Final year M.tech Student, 2,3Associated professor
Avanthi Institute of Engineering and Technology (JNTUK), Cherukupally, VizianagaramDist, Andhra Pradesh, India
ABSTRACT
In recent times personal health record (PHR) has emerged as a patient-centric of health information exchange, which features
storing PHRs electronically in one centralized place, such as a third- party cloud service provider. Although this greatly facilitates
the management and sharing of patients’ personal health information (PHI), there have been serious privacy concerns about
whether these service providers can be fully trusted in handling patient’s sensitive PHI. To ensure patient’s control over their own
privacy, data encryption has been proposed as a promising solution. However, key functionalities of a PHR service such as
keyword searches by multiple users become especially challenging with PHRs stored in encrypted form. Basically, user’s queries
should be performed in a privacy-preserving way that hides both the keywords in the queries and documents. To accomplish fine –
grained and scalability data access control for PHRs, we control attribute based encryption (ABE) techniques to encrypt each
patient’s PHR file. Different from previous works in secure data outsourcing, we focus on the multiple data owner’s scenario, and
divide the users in the PHR system into multiple security domains that greatly reduces the key management complexity for owners
and users.
Keywords: Personal Health Records, fine-grained access Control, Attribute -Based Encryption
1. INTRODUCTION
In recent years, personal health record (PHR) has emerged as a patient-centric model of health information exchange. It
had never been easier than now for one to create and manage her own personal health information (PHI) in one place,
and share that information with other. It enables a patient to merge potentially separate health records from multiple
geographically dispersed health providers into one centralized profile over passages of time. This greatly facilitates
multiple other users, such as medical practitioners and researchers to gain access to and utilize ones PHR on demand
according to their professional need, thereby making the healthcare processes much more efficient and accurate. The
main concern is about whether the patients could actually control the sharing of their sensitive personal health
information (PHI), especially when they are stored on a third-party server which people may not fully trust.
2. RELATED WORK
This paper mostly related to works in cryptographically enforced access control for outsourced data and attribute based
encryption. To realize fine-grained access control, the traditional public key encryption (PKE) based schemes [8],[10]
either incur high key management overhead , or require encryption multiple copies of a file using different users keys. To
improve upon the scalability of the above solutions, one-to-many encryption methods such as ABE can be used.
ABE for Fine-grained Data Access Control
A number of works used ABE to realize fine-grained access control for outsourced data [13],[14],[9],[15]. Especially,
there has been an increasing interest in applying ABE to secure electronic healthcare records (EHRs) recently, Narayan et
al proposed an attribute-based infrastructure for HER systems , where each patient’s HER files are encrypted using a
broadcast variant of CP-ABE[16] that allows direct revocation. However, the cipher text length grows linearly with the
number unrevoked user. In [17], a variant of ABE that allows delegation of access rights is proposed for encrypted EHRs.
However there are several common drawbacks of the above works. First, they usually assume the use of a single trusted
authority (TA) in the system. This not only may create a load bottleneck but also suffers from the key escrow problem.
Recently , Yu et al. (YWRL) applied key-policy ABE to secure outsourced data in the cloud [9],[15], where a single data
owner can encrypt her data and share with multiple authorized users, by distributing keys to them that contain attributebased access privileges. They also propose a method for the data owner to revoke a user efficiently by delegating the
updates of affected cipher texts and use secret keys to the cloud server. Since the key update operations can be aggregated
over time, their scheme achieves low amortized overhead however in the YWRL scheme the data owner is also a TA at
the same time.. A use needs to obtain one part of her key from each A. this scheme prevents against collusion among at
most N-2 TAs, in addition to use collusion resistance.
Volume 2, Issue 9, September 2013
Page 333
International Journal of Application or Innovation in Engineering & Management (IJAIEM)
Web Site: www.ijaiem.org Email: editor@ijaiem.org, editorijaiem@gmail.com
Volume 2, Issue 9, September 2013
ISSN 2319 - 4847
3. FRAMEWORK FOR PATIENT-CENTRIC, SECURE AND SCALABILITY PHR
SHARING
In this we describe our novel patient-centric secure data sharing framework for cloud-based PHR systems.
3.1 Problem Definition
We consider a PHR system where there are multiple PHR owners and PHR users. The owners refer to patients who have
full control over their own PHR data, i.e they can create, manage and delete it. There is a central server belonging to the
PHR service provider that stores all the owners PHRs. The users may come from various aspects for example a User’s
access the PHR documents through the server in order to read or write to someone’s PHR, and a user can simultaneously
have access to multiple owners’ data.
3.1.1 Security Model
In this paper, we consider the server to be semi-trusted, i.e honest but curious as those in and [15]. That means the server
will try to find out as much secret information in the stored PHR files as possible, but they will honestly follow the
protocol in general. On the other hand, some users will also try to access the files beyond their privileges. For example, a
pharmacy may want to obtain the prescriptions of patients for marketing and boosting its profits. To do so, they may
collude with other users, or even with the server. In addition, we assume each party in our system is preloaded with a
public/private key pair, and entity authentication can be done by traditional challenge-response protocols.
3.1.2 Requirements
To achieve “Patient-Centric” PHR sharing, a core requirement is that each patient can control who are authorized to
access to her own PHR documentation. Especially use controlled read/write access and revocation are the two core
security objects for any electronic health record system. The security and performance requirements and summarized as
follows.
 Data Confidentiality: Unauthorized users who do not possess enough attributes satisfying the access policy or do not
have proper key access privileges should be prevented from decrypting a PHR document, even under user collusion.
Fine-grained access control should be enforced, meaning different users are authorized to read different sets of
documents.
 On-demand revocation: whenever a user’s attribute is no longer valid, the user should not be able to access future PHR
files using that attribute. This is usually called attribute revocation.
 Write Access Control: we shall prevent the unauthorized contributors to gain write-access to owners PHRs while the
legitimate contributors should access the server with accountability.
 The data access polices should be flexible.
 Scalalabilty, efficiency and usability: the PHR system should support users from both the personal domain and public
doings. Since the set of users from the public domain may be large in size and unpredictable, the system should be
highly scalability in terms of complexity in key management, communication, computation and storage..
3.2 Overview of Our Framework
The main goal of our framework is to provide secure patient-centric PHR access and efficient key management at the
same time. The key idea is to divide the system into multiple security domains namely public domains (PUDs) and
personal domains (PSDs) according to the different user’s data access requirements. The PUD consists of users who make
access based on their professional roles, such as doctors, nurses and medical researchers. In practice, a PUD can be
mapped to an independent sector in the society, such as the health care, government or insurance sector. For each PSD,
its users are personally associated with a data owner and they make access to PHRs based on access rights assigned by the
owner.
In both types of security domains, we utilize ABE to realize cryptographically enforced, patient-centric PHR access.
Especially in a PUD multi-authority ABE is used , in which there are multiple “attribute authorities “ (AAs), each
governing a disjoint subset of attributes. Role Attributes are defined for PUDs representing the professional role or
obligations of a PUD user. Users in PUDs obtain their attribute-based secret keys from the AAs, without directly
interacting with the owners. To control access from PUD users, owners are free to specify role-based fine-grained access
polices for her PHR files.
types and access requirements in a PHR system. The use of ABE makes the encrypted PHRs self-protective.
3.3 Details of the Propose Framework
In our framework there are multiple SDs, multiple owners, multiple AAs, and multiple users. In addition two ABE
systems are involved foreach PSD the YWRLs revocable KP-ABE scheme [9] is adopted. For each PUD our proposed
Volume 2, Issue 9, September 2013
Page 334
International Journal of Application or Innovation in Engineering & Management (IJAIEM)
Web Site: www.ijaiem.org Email: editor@ijaiem.org, editorijaiem@gmail.com
Volume 2, Issue 9, September 2013
ISSN 2319 - 4847
revocable MA-ABE scheme is used. The framework is illustrated in fig 1 we term the users having read and write access
as data readers and contribute respectively and the below diagram shows the proposed frame work for patient-centric,
secure and scalability PHR sharing on semi-trusted storage under multi-owner settings.
4. MAIN DESIGN ISSUES
In this section we address several key design issues in secured and scalability sharing of PHR in cloud computing.
4.1 Using MA-ABE in the Public domain
For the PUDs, our framework delegates the key management functions to multiple attribute authorities. In order to
achieve stronger privacy guarantee for data owners the Chase-Chow (CC) MA-ABE scheme [21] is used. A PHR
document with an owner-specified access policy for users from PUD. However, on technical challenging is that CC MAABE is essentially a KP-ABE scheme, where the access policies are enforced in user’s secret keys and those key-policies
do not directly translate to document access policies from the owner’s points of view. By our design we show that by
agreeing upon the formats of the key-polices and the rules of specifying which attributes are required in the cipher text,
the CC MA-ABE can actually support owner-specified document access policies with some degree of flexibility. It
functions similar to CP-ABE2
Achieving More Expensive File Access Policies
By enhancing key –policy generation rule, we can enable more expressive encryption’s access polices. In the users
attributes/roles belonging to different types assigned by the same AA are often correlated with respect to primary attribute
type.
The basic encryption rule, as long as there are multiple attributes of the same primary type, corresponding non interested
attribute tuples are included in the cipher text attribute set.
The primary type based attribute association is shown the below fig.
There is a “horizontal association” between two attributes belonging to different types assigned to each other.
4.2 Enhancing MA-ABE for User Revocation
The original CC MA-ABE scheme does not enable efficient and on-demand user revocation. To achieve this for MA-ABE
we combine ideas from YWRL’s revocable KP-ABE[9],[15] and propose an enhanced MA-ABE scheme. In particular , an
authority can revoke a user or users attributes immediately by re-encrypting the cipher texts and updating users secret keys
while a major part of these operations can be delegated to the server which enhance efficiency.
The idea of revoke one attribute of a user in MA-ABE is as follows the AA who governs this attribute actively updates that
attribute for all the affected unrevoked users.
4.3 Handle Dynamic Policy Changes
Our scheme should support the dynamic add/modify/delete of part of the document access polices or data attributes by the
owner. For example, if a patient does not want doctors to view her PHR after she finishes a visit to a hospital, she can
simply delete the cipher text components corresponding to attribute “doctor” in her PHR files. Adding and modification of
Volume 2, Issue 9, September 2013
Page 335
International Journal of Application or Innovation in Engineering & Management (IJAIEM)
Web Site: www.ijaiem.org Email: editor@ijaiem.org, editorijaiem@gmail.com
Volume 2, Issue 9, September 2013
ISSN 2319 - 4847
attributes/access policies can be done by proxy re-encryption technique however they are expensive to make the
computation more efficient, each owner could store the random number s used in encrypting the FEK3 of each document
on her own computer, and construct new cipher text components corresponding to added/changed attributes based on s.
the Policy Update algorithm is shown below fig..
Fig shows the MA-ABE scheme with on-demand revocation capabilities.
5. SECURITY ANALYSIS
In this section, we analyze the security of the proposed PHR sharing solution First we show it achieves data confidentiality
by providing the enhanced MA-ABE scheme to be secure under the attribute based selective-set model.The enhanced MAABE scheme guarantees data confidentiality of the PHR data against unauthorized users and the curious cloud service
provider, while maintaining the collusion resistance against users and up to N-2 AAs.We also compare the security of our
scheme with several existing works, in terms of confidentiality guarantees control granularity and supported revocation
method etc. a privacy preserving EHR system that adopts attribute based broadcast encryption (ABBE) to achieve data
access control.
6. COMPUTION COSTS
We evaluate the computational cost of our scheme through combined implementation and simulation. We provide the first
implementation of the KP-ABE scheme[35] and also integrated the ABE algorithms into a prototype PHR system,
IndivoKP-ABE scheme tested on a PC GHz processor, using pairing based cryptography(PBC).And implement the userinterfaces for data input and output. Due to space limitations, the details of prototype implementation are reported in Each
PSD user adopts the YWRL scheme for decryption, while each PUD user adopts the enhanced MA-ABE scheme for
decryption. Each AA uses MA-ABE for setup, key generation and revocation. And we provide estimations of computation
times of each party in the system given below table.
The values are calculated from the example parameters and bench mark results, where exponentiation time EXP1 = 6 ,
4ms, EXPt = 0.6ms, paring time Tp =2.5ms.
Finally we simulate the servers computation cost spent in user revocation to evaluate the system performance of user
revocation. Especially, the lazy-revocation method greatly reduces the cost of revocation, because it aggregates multiple
cipher text/key update operations, which repays the computations over time.
Setup
KeyGen(per Enc.(Per file)
Dec(Per file)
User)
Owner
Estimates(s
)
PSD User
Estimate(s)
PUD User
Estimates(s
)
Kth
AA
Estimate(s)
/
/
/
/
|L(T)|Exp1 (|AcPSD|+|AcPUD||+1)
0.064
Exp1 + 2ExpT
0.264
/
/
/
/
/
/
/
/
(|UR|K+1)Exp1+Exp
T 0.135
~|AUk|Exp1 /
0.038
/
|Ud|Exp1+ExpT
0.32
Volume 2, Issue 9, September 2013
/
/
~|L(T)|Tp
0.025
~(|AU|m+1)T
User
Revocation
|γ’|Exp1
0.32
p
/
/
/
/
0.078
/
/
|γ’|Exp1
0.032
Page 336
International Journal of Application or Innovation in Engineering & Management (IJAIEM)
Web Site: www.ijaiem.org Email: editor@ijaiem.org, editorijaiem@gmail.com
Volume 2, Issue 9, September 2013
ISSN 2319 - 4847
7. CONCLUSION
We have proposed a novel framework of secure sharing of personal health records in cloud computing. Considering
partially trustworthy cloud servers, to fully realize the patient-centric concept patients shall have complete control of their
own privacy through encrypting their PHR files to allow fine-grained access. The framework addresses the unique
challenges brought by multiple PHR owners and users, in that we greatly reduce the complexity of key management while
enhance the privacy guarantees compared with previous works. We utilize ABE to encrypt the PHR data, so that patients
can allow access not only personal users, but also various users from public domains with different professional roles,
qualifications and affiliations. Furthermore, we enhance an existing MA-ABE scheme to handle efficient and on-demand
user revocation, and prove its security through implementation and simulation. We show that our solution is both
scalability and efficient.
REFERENCES
[1] M. Li, S. Yu, K. Ren, and W. Lou, “Securing personal Health Records in cloud computing: patient-centric and fine –
grained data access control in mulit-owner settings, in SecureComm’10, Sept 2010, pp. 89-106.
[2] H.Lohr, A.R Sadeghi, and M.Winandy , “Securing the e-health cloud” in proceedings of the 1st ACM Interational
Health informatics symposium,ser IHI ‘ 10 2010 pp.220-229.
[3] M.Li, S. Yu, N. Cao and W. Lou , “Authorized private keyword search over encrypted personal health records in
cloud computing” in ICDS ’11, jun , 2011
[4] “
the
health
insurance
probability
and
accountability
act
“
[online]
available
http://www.cms.hhs.gov/HIPAAGenifo/01_overview.asp
[5] “Google, Microsoft say hippa stimulus rule doesn’t apply to them”
[6] “At risk of exposure – in the push for electronic medical records , concern is growing about how well privacy can be
safeguarded”
[7] K.D Mandal, P.Szolovits, and I.S kohane , “ Public standards and patients ‘ control how to keep electronic medical
records accessible but private” BMJ vol. 322,no.7281 , p 283 Feb 2001
[8] J.Benaloh, M.Chase , E. Horvitz, and K.Lauter , “patient controlled encryption: ensuring privacy of electronic
medical records” in CCSW ‘ 09,2009,pp03-114
[9] S. Yu,C.Wang, K.Ren and W. Lou, “Achieving secure, scalability and fine-grained data access control in cloud
computing”
[10] C.Dong , G. Russello, and N. Dualy , “shared and searchable encrypted data for untrusted servers” in journal of
computer security 2010.
[11] H. Yang, H. Luo, E.Ye, S. Lu, and L.Zhang, “Security in mobile adhocnetworks : challenges and solutions,” Wireless
Communications IEEE, vol 11.no, 1,pp 38-47, feb 2004
[12] N. Attrapadung and H.Imai, “Conjuctive broadcast and attribute-based encryption,” Pairing-Based CryptographyPairing 2009,pp.248-265,2009
[13] S.Muller, S. Katzenbeisser, and C.Eckert, “Distributed attribute based encryption”,information security and
cryptography-ICISC 2008, pp,20-36,2009.
[14] S.Chow, “New privacy-preserving architecture for identity-attribue-based encryption,” PhdThesis , NYU , 2010.
[15] Y.Zheng,
“key-policy
attribute-based
encryption
scheme
implementation”,
http://www.cnsr.ictas.vt.edu/resources.html
[16] ”Privacy-Preserving personal Health record system using attribute-based encryption” Master theisis, WORCESTER
POLYTECHINIC INSTITUTE,2011
[17] B.Lynn,”Thepbc library,” http://crypto.stanford.edu/pbc/
[18] M.Pirretti, P. Traynor, P.Mcdaniel, and B.Waters, “Secure attribute-based systems”, Journal of computer Security,
Vol 18, no 5, pp. 799-837,2010
[19] J.Bethencourt, A. Sahai, and B.Waters , “Ciphertext-policy attribute-based encryption,” in IEEE S& p
’07,2007,pp.321-334.
[20] J.A. Akinyele, C. U. Lehman, M.D Green,M. W. Pagano, Z.N.J. Peterson and A.D, Rubin, “self-Protecting electronic
medical
records
using
attribute-based
encryption”,
Cryptology
ePrint
Archive,
Report
2010/565,2010,http://eprint.iacr.org/.
[21] M.Chase and S.S.Chow, “Improving privacy and security in multi-authoriy attribute-based encryption” , CCS’
09,2009,pp 121-130
About Author
Mr. Satish Pedada final Year M.tech Student in Avanthi Institute of Engineering Technology (JNTU K)
Cherukupally, VizianagaramDist, Andhra Pradesh, India.
Volume 2, Issue 9, September 2013
Page 337
International Journal of Application or Innovation in Engineering & Management (IJAIEM)
Web Site: www.ijaiem.org Email: editor@ijaiem.org, editorijaiem@gmail.com
Volume 2, Issue 9, September 2013
ISSN 2319 - 4847
Mr.Ch.Kodanda Ram working as Associate professor in the department of CSE in Avanthi Institute of
Engineering and Technology (JNTUK), Cherukupally, VizianagaramDist, Andhra Pradesh, India.
Y. Ramesh Kumar obtained his M.Sc (Computer Science) degree from Andhra University. Later he
obtained his M.tech (CST) degree from Andhra University. Presently he is working as Associate Professor
and Head of the Department (CSE) at Avanthi Institute of Engineering and Technology, Cherukupally,
VizianagaramDist He has guided more than 60 students of Bachelor degree, 40 students of Master Degree in computer
Science and Engineering in their major projects. His Research intrest includes Ontology-based information. Extraction
Based on Web Search and mining and Ware housing.
Volume 2, Issue 9, September 2013
Page 338