The Secure Accessibity And Auditing The Phr

Published Date: 02 Nov 2017

ABSTRACT: Cloud computing is used to share computer component via network. Cloud computing is used to store more no of data. Personal health record (PHR) service is an emerging model for health information exchange. It allows patients to create, manage, control and share their health information with other users as well as healthcare providers. Owners and users are assigned certain set of attributes. Owner encrypts the data with the attributes it has and Stores them in the cloud Attribute based encryption scheme used for encryption. The users with matching set of attributes can retrieve the data from the cloud. The third party auditing using to store and manage the key. Fine grained access control method is used for enhance the confidentiality of the data. Break class access method is used for some emergency purpose.

Keyword: Attribute based encryption, Domain management, Break class, Key management.

INTRODUCTION

Cloud computing is the delivery of computing services over the Internet. Cloud services allow individuals and businesses to use software and hardware that are managed by third parties at remote locations. Examples of cloud services include online file storage, social networking sites, webmail, and online business applications. The cloud computing model allows access to information and computer resources from anywhere that a network connection is available. Cloud computing provides a shared pool of resources, including data storage space, networks, computer processing power, and specialized corporate and user applications. Cloud services are popular because they can reduce the cost and complexity of owning and operating computers and networks. Since cloud users do not have to invest in information technology infrastructure, purchase hardware, or buy software licenses, the benefits are low up-front costs, rapid return on investment, rapid Deployment, customization, flexible use, and solutions that can make use of new innovations. In addition, cloud providers that have specialized in a particular area (such as e-mail) can bring advanced services that a single company might not be able to afford or develop. Some other benefits to users include scalability, reliability, and efficiency. Scalability means that cloud computing offers unlimited processing and storage capacity. The cloud is reliable in that it enables access to applications and documents anywhere in the world via the Internet. Cloud computing is often considered efficient because it allows organizations to free up resources to focus on innovation and product development.

Figure: structure of cloud

Figure 2: Overview of cloud

A PHR is a collection of important information about your health or the health of someone you are caring for, such as a parent or child. The information comes from a variety of sources and includes your medical records, your family health history, your Advance Health Care Directive (used to be called a Durable Power of Attorney for Health Care or a Living Will) and any other information about your health. 

Chances are a complete record of your personal health information cannot be found in any single location or consistent format. Although physician offices are beginning to keep electronic health records, their numbers are low. Different pieces of health information might be found across several different doctors, hospitals, and other health care providers. The information might be located in different cities, states, or even countries over the course of a lifetime. With a PHR you, your family, any doctor, wherever you travel - will have vital, current health information, easily available. In addition, if you frequently fill out medical information for specialists, sports teams or other medical needs, you will save yourself time by having your health information at your fingertips. 

In recent years, personal health record (PHR) has emerged as a patient-centric model of health information exchange. A PHR service allows a patient to create, manage, and control her personal health data in one place through the web, which has made the storage, retrieval, and sharing of the medical information more efficient. Especially, each patient is promised the full control of her medical records and can share her health data with a wide range of users, including healthcare providers, family members or friends. Due to the high cost of building and maintaining specialized data centers, many PHR services are outsourced to or provided by third-party service providers, for example, Microsoft HealthVault1. Recently, architectures of storing PHRs in loud computing have been proposed in [2], [3].

RELATED WORK:

ATTRIBUTE BASED ENCRYPTION:

Encryption scheme where users with some attributes can decrypt cipher texts associated with these attributes. The length of the cipher text depends on the number of attributes in An Attribute-Based Encryption (ABE) is an previous ABE schemes. In this paper, we propose a new Cipher text-Policy Attribute-Based Encryption (CP-ABE) with constant cipher text length. In our scheme, the number of pairing computations is also constant. In addition, the number of additional bits required from chosen plaintext attack-secure CP-ABE to chosen cipher text attack-secure CP-ABE is reduced by 90% with respect to that of the previous scheme.

KEY-POLICY ATTRIBUTE-BASED ENCRYPTION

The key-policy attribute-based encryption (KP-ABE) was _rst introduced in 2006 by Goyal et al. In this cryptography system, cipher texts are labeled with sets of attributes. Private keys, on the other hand, are associated with access structures A.A private key can only decrypt a cipher text whose attributes set is a authorized set of the private key's access structure, that is A() = 1. KP-ABE is a cryptography system built upon bilinear map and LSSS. Using the knowledge of previous sections, we can formally describe the construction of this cryptography system.

KP-ABE Encryption: (M; ; PK) Choose a random value s in Zp. Encrypt a secret message M in GT with a set of attributes . The ciphertext is:E = (;E0 = MY s; fEi = Tsi gi2)

KP-ABE Key Generation (A;MK) This algorithm output a private key D embedded with a access structure A. The access structure A is realized by the following three steps:

(i) Each non-leaf node is de_ned as a Shamir Threshold Scheme. Set the degree of secret polynomial px to be dx = kx ô€€€ 1.

(ii) For root node r, set pr(0) = y. And randomly choose dr element in Zp to completely de_ne pr. For any other non-leaf node x, set its secret to be one secret share of its parent node, that is px(0) = pparent(x)(index(x)). And randomly choose dx element in Zp to completely de_ne px.

(iii) For each leaf node x, assign the following value Dx = g, px(0) , tatt(x)

Let X be the set of leaf nodes in A. The private key is D = (A; 8x 2 X : Dx = g

px(0)

tatt(x) ).

KP-ABE Decryption: (E;D) The decryption algorithm is realized by the following three steps:

(i) For each non-leaf node x, all nodes z are children of x. Let Sx be an arbitrary kx-sized set of child nodes z such that DecryptNode(E;D; z) = Fz 6=?, if Sx 27

does not exists, DecryptNode(E;D; x) = Fx =?

Fx = Y

z2Sx

F

_i;S0

x

(0)

z , where i=index(z)

S0

x=findex(z):z2Sxg

=

Y

z2Sx

(e(g; g)s_pz(0))

_i;S0

x

(0)

=

Y

z2Sx

(e(g; g)s_pparent(z)(index(z)))

_i;S0

x

(0)

=

Y

z2Sx

e(g; g)

s_px(i)__i;S0

x

(0)

= e(g; g)s_px(0)

(ii) For each leaf node x

DecryptNode(E;D; x) =

8><

>:

e(Dx;Ei) = e(g

q)x(0)

ti ; gs_ti) = e(g; g)s_px(0) if i = att(x) 2

? otherwise

(iii) Apply this recursive algorithm to root node r, DecryptNode(E;D; r) = e(g; g)ys = Y s. Since E0 = MY s, the secret message is M = E0 Y s

In previous construction, the size of PK is linear to the size of U. In the original paper, the authors present another construction which they call large attributes universe. In that construction, size of PK is only linear to the pre-defined maximum size of U. The large universe construction is more practical since it does not require public key and master key update whenever a new attribute is added. We choose this construction because it is more straightforward to implement. Adopting large

universe construction will be one of the future works in order to make the overall system more dynamic. In KP-ABE scheme, delegation of private keys means converting the original access structure A into a more strict access structure A0. In the original paper, the authors present a three-step delegation based on large universe construction. However, as we will see in the next section, delegating KP-ABE private keys is, by nature, more difficult compare to CP-ABE private key delegation.

BREAK CLASS ACCESS

When an emergency happens, the break-glass access is needed to access the victim’s PHR. In our framework, each owner’s PHR’s access right is also delegated to an emergency department. After the emergency is over, the patient can revoke the emergent access via the Emergency Department.

REVOCATION:

In recent years, more and more companies outsource their data to the cloud service provider to greatly reduce the cost. However, it also raises underlying security and privacy issues for the significant corporate data. Therefore, a natural way to keep sensitive data confidential against a UN trusted cloud service provider is only to store the encrypted data in the cloud. Flexible encryption schemes can provide a fine grain access control for the encrypted data and ensure legitimate user to decrypt the corresponding data. The key problems of this approach include establishing access control for the encrypted data and revoking the access rights from users when they are no longer authorized to access the encrypted data on cloud servers. This paper aims to solve these problems. First, with the attribute encryption and the dual encryption system, we propose a concrete access control scheme constructed over the composite-order bilinear groups, and we prove its security under the standard model. Then, we propose a fully fine-grained revocation scheme under the direct revocation model so as to efficiently revoke access rights from users on cloud servers.

EXISTING SYSTEM:

In Existing system a PHR system model, there are multiple owners who may encrypt according to their own ways, possibly using different sets of cryptographic keys. The revocation process is complicated to handle. The scalability is not sufficient to provide better service for users in the network. The key management is not sufficient.

SYSTEM ARCHITECTURE:

PUD&PSD

Emergency domain

Perform delegation

PHR license diagnosis,

Insurance company

Staff (Emergency)

Cloud server

Read data

Write data

Provide the keys

Encrypted PHR

Revocation

PROPSED SYSTEM:

MODULE DESCRIPTION:

1. SECURITY MODEL

In this model a trusted server is generated where the data has to be retrieved and processed at high secrecy for that the policy have to be updated in the server assume each party in our system is preloaded with a public/private key pair, and entity authentication can be done by traditional challenge-response protocols. Hence a high security has been generated in accessing the sensitive data from the server. This project assures the patients’ control over access to their own PHRs, it is a promising method to encrypt the PHRs before outsourcing.

2. DOMAIN MANAGEMENT

In this module the domain is separated in to two security domains (namely, public domains (PUDs) and personal domains (PSDs)) according to the different users’ data access requirements. The PUDs consist of users who make access based on their professional roles, such as doctors, nurses and medical researchers. In practice, a PUD can be mapped to an independent sector in the society, such as the health care, government or insurance sector. For each PSD, its users are personally associated with a data owner (such as family members or close friends), and they make accesses to PHRs based on access rights assigned by the owner.

3. FINE GRAINED ACCESS CONTROL

This model is implemented in order to enhance the confidentiality of the data. Hence users

From different profile will access the data from different profile.

ATTRIBUTE REVOCATION

This is sub phase of fine grained access control where once the user attribute validity is over then that particular user access should be blocked in accessing the profile.

4. MA-ABE KEY MANAGEMENT

This module delegates the key management functions to multiple attribute authorities. In order to achieve stronger privacy guarantee for data owners, the Chase-Chow (CC) MA-ABE scheme is implemented in this module, where each authority governs a disjoint set of attributes. This attribute actively updates that attribute for all the affected unrevoked users. The following process will be implemented in this module a follows

The public/master key components for the affected attribute will be generated.

The secret key component corresponding to that attribute of each unrevoked user.

The server shall update all the cipher texts containing that attribute.

5 SECURITY ANALYSES

This module analyzes the security of the proposed PHR sharing solution. It achieves data confidentiality (i.e., preventing unauthorized read accesses), by proving the enhanced MA-ABE scheme (with efficient revocation) to be secure under the attribute based selective-set model. This framework also achieves forward secrecy, and security of write access control. In addition, the proposed framework specifically addresses the access requirements in cloud-based health record management systems by logically dividing the system into PUD and PSDs, which considers both personal and professional PHR users. Our revocation methods for ABE in both types of domains are consistent. The RNS scheme only applies to the PUD.

CONCLUSION:

In this paper, we have proposed a novel framework of secure sharing of personal health records in cloud computing. Considering partially trustworthy cloud servers, we argue that to fully realize the patient-centric concept, Patients shall have complete control of their own privacy through encrypting their PHR files to allow fine-grained access. Greatly reduce the complexity of key management while Enhance the privacy guarantees compared with previous works. Efficient and on-demand user revocation, and prove its Security. For the effectiveness of the project there are some additional key management mechanism are used. Mainly MAABE (multi authority attribute based encryption). The MAABE algorithm in which all the key functions and its management process are done by the TPA. The major enhancement of the project is the PHR data management and key management mechanism is secured by the third party auditor.