2017 5th IEEE International Conference on Mobile Cloud Computing, Services, and Engineering
Hybrid Secure and Scalable Electronic Health Record
Sharing in Hybrid Cloud
R. Manoj1, Abeer Alsadoon1, P.W.C. Prasad1, Nectar Costadopoulos1, Salih Ali2
1
School of Computing and Mathematics, Charles Sturt University, Australia.
2
University of Baghdad Technology, Iraq
Abstract— Cloud computing has become an integral part of the
operation of health. However, there are major security and
privacy issues in terms of accessing medical records from the
hybrid cloud environment. In this paper, a new secure hybrid
Electronic Health Record system is proposed. In this framework,
two efficient encryption methods are combined for fine grained
access control and protection of data privacy. Multi-authority and
Key-based encryption schemes are used for the encryption of each
part of health records after dividing those records using a vertical
partitioning method. Multi-authority encryption schemes are
primarily used in the Public Domains (PUDs), while Key-based
encryption schemes are prevalent in Personal Domains (PSDs).
Together, they provide; secure data access and authentication of
users. Implementation is facilitated using Windows Azure Cloud
Computing platform.
Keywords— Privacy, security, Electronic health records, Hybrid
cloud, Data access, Authentication.
I. INTRODUCTION
The capacity of cloud computing to store and share globally
large amounts of information has made this technology highly
useful for the health industry [1]. Electronic Health Record
systems (EHR) consist of a large amount of electronic health
information, which, with the help of cloud computing, can be
easily and effectively managed, shared, providing access to the
personal health information of patients. The high cost of
building and maintaining Electronic Health Record (EHR)
systems leads health organizations to migrating to cloud or
outsourcing services from cloud health service providers such
as Google Health. Due to the benefit of multiple deployments
model in hybrid cloud, increased the interest of health industries
to host their EHR application toward in hybrid infrastructures.
This development has heightened the problem of security and
privacy in terms of access of EHRs. To overcome the
challenges created by the inclusion of cloud computing, and to
ensure the medical data, it is crucial to have a fine grained
access control method and an effective authentication scheme.
To achieve this and maintain security of sensitive information,
encryption is the most suitable method.
The aim of this project is to propose a hybrid solution for
sharing EHRs in a hybrid cloud environment by preserving
security and privacy. To achieve fine grained access control for
EHRs, we innovatively combine two Attribute Based
Encryption (ABE) techniques to encrypt each patient’s EHR
file. The remainder of this paper is organized as follows:
Section 2 reviews relevant literature. Section 3 analyses the best
current solution, identifying limitations and mitigations and
discussing the proposed system. Implementation details for the
978-1-5090-6325-3/17 $31.00 © 2017 IEEE
DOI 10.1109/MobileCloud.2017.38
proposed system together with its logical design are given in
sections 4, and 5 respectively. Section 6 analyses
implementation results. The conclusion and future research is
discussed in section 7.
II. LITERATURE REVIEW
A. Impact of Cloud security and privacy in EHR
Over the last decade, cloud computing has grown as a new
service model leading to the establishment of numerous cloud
based data centers as cost-effective platforms for hosting large-
scale service applications. However, notwithstanding
considerable benefits and services, the problem of security and
privacy of medical data access has been significant for service
providers. To mitigate this, researchers have proposed
numerous techniques and methods. [2], have proposed a
practical hybrid solution for secure data access in cloud, which
ensures high data reliability, security and integrity by
combining statistical and cryptographic techniques. The aim of
this model is to provide flexible and secure medical data access
with maximum data utilization and privacy protection.
Others have focused on an effective and secure Electronic
Health Record (EHR) system by meeting cloud security
requirements through confidentiality, integrity, availability,
non-repudiation, protection of patient medical information, and
privacy as in [1]. These researchers have introduced a secure
EHR system, which meets the requirements of the Health
Insurance Portability and Accountability Act [3]. Similarly, [4]
introduce a user-friendly framework for health providers, which
help to secure electronic health record access using hybrid
cloud. In this framework, authors ensure fine grained access
control by implementing strong authentication and efficient
encryption algorithms.
B. Survey of Mobile EHR Cloud Architecture
Several researchers have also concentrated on developing the
architecture for mobile health cloud and have presented a
detailed survey of the problems caused by mobile computing.
[5], propose a mobile health application by integrating
cryptography, mobile application, and Role Based Access
control in hybrid cloud. This system helps to speed up and
improve medical services by means of providing security and
privacy. [6], implement an Open SOA web platform suitable for
mobile health application. This system provides some features
such as secure online vital sign access of patients and gives
guidelines to patients based on those signs. Similarly, [7] have
presented a detailed survey of security requirements while
185
migrating an electronic health system to an IaaS (Infrastructure
as a Service) cloud environment, its mechanism, major
challenges and the solutions. They have explained some of the
basic challenges of weak security such as dependency, cost,
integrity, availability, scalability and regulatory complaints.
For this protocol, the authors conduct a survey of secure data
deletion techniques, and provide classification of secure data
deletion techniques [8]. A different approach was taken by [9]
who analyzed a procedure for migration of Personal health
information systems to a cloud environment. Even though
various secure electronic health cloud solutions has been
surveyed, the authors however have not recommended an
effective system in terms of high security and privacy and
minimal cost.
C. Maintain security using Efficient Encryption Algorithm.
The privacy and security of health record access depends to a
significant extent upon the efficiency of encryption algorithms
and authentication methods. Researchers in this field have
proposed and implemented numerous solutions by integrating
encryption algorithms and different authentication standards.
[10] , have carried out a detailed analysis of different encryption
methods used in EHR systems. Some, such as, [11], focus on
how to enhance security and access control of existing
solutions. They propose a hybrid solution by combining
efficient encryption algorithms such as Advanced Encryption
Standard (AES) and Multi Authority Attribute Based
Encryption (MA-ABE) schemes. Likewise, [12] propose a
system that provides high security and integrity by encrypting
health records using Attribute Based Encryption techniques.
Some researchers focus on how to secure the shared data stored
in the cloud from public verifiers [13]. They have proposed a
privacy protection method named Oruta, which is based on a
ring signature, a computational and authentication process for
auditing cloud data without retrieving entire data sets. [14],
have implemented an effective and secure health record access
system by integrating an Attribute based encryption (ABE)
scheme with a Binary search tree method. By using the
efficiency of Cipher Policy Attribute based encryption, authors
can ensure the security and privacy of stored EHRs in hybrid
cloud. In the same way, [15] have introduced a heterogeneity-
aware dynamic capacity system named Harmony that
minimizes scheduling delays and optimizes energy savings in
cloud data centers. But the authors have stated that the study of
heterogeneity of workloads and physical machines still needs to
be more fully researched and implemented.
III. CURRENT SOLUTION OF ELECTRONIC HEALTH RECORD
(EHR) IN HYBRID CLOUD WITH LIMITATION
The current solution for EHRs in Hybrid Cloud is based on
a practical solution by combining the statistical and crypto
graphical technology for sharing medical data in hybrid cloud.
The current system describes the detailed implementation of its
components such as Vertical data partition, Data merging and
Integrity assurance. Among those components, the Vertical data
partitioning method may be considered one of the most
important features similar to privacy preserved data publishing.
In Vertical partitioning the original EMR file is partitioned into
186
Quasi-Identifiers, Plain text medical information and Explicit
Identifiers. After partitioning the original EMR file, the current
solution encrypts Quai-identifiers and Explicit identifiers
published in hybrid cloud using Advanced Encryption Method
(AES) along with plaintext for medical information. The
limitation of this component is that it uses Advanced
Encryption method (AES) as an encryption process. To assure
the privacy of medical data and provide secure access using
hybrid cloud, it is crucial to have a fine grained access control
method and an effective authentication scheme. One encryption
methods that is most suitable for the security of sensitive
information.is Advanced Encryption Standards (AES) with
proven proficiency in protection. However, its major drawback
is in privacy protection and processing time [16]. In addition,
although AES needs less computation time for small amounts
of data processing, when the size of the data grows,
computation time increases rapidly [16]. Moreover, the
implementation result of the current solution shows that it is
inefficient for medical data sharing and access by concurrent
users. Also a traditional authentication method is used to
authenticate the recipient in the current solution. The current
solution with its limitation and its possible mitigations is shown
in figure 1.
IV. PROPOSED SECURITY AND PRIVACY PRESERVED
ELECTRONIC HEALTH RECORD ACCESS USING HYBRID CLOUD.
The proposed model focuses on the security and privacy of
access to medical records using hybrid cloud. To overcome the
limitations of the current system, a Hybrid Secure and Scalable
Electronic Health Record Sharing (HSS-EHRS) system is
proposed. The main idea behind our proposed framework is to
provide solutions for secure, scalable and privacy preserving
EHR data access in Hybrid Cloud. For this, we divide the
system into two security domains namely Public Domains
(PUD) and Personal Domains (PSD) based on the data access
requirements of recipients. The recipients in PUDs can access
the EHR data based on their professional role such as Doctors,
Nurses, Insurance Executives, etc... . In the case of PSD, users
are personally related to the data owners, such as family
members or friends. In both domains, we use the Attribute
Based Encryption (ABE) Scheme. In the Public Domain, the
Multi Authority ABE scheme is used for multiple “Attribute
Authorities” (AAs). In the case of Public Domain users, they
can obtain their secret keys from Attribute Authorities and not
directly from EHR owners. A Key Policy Attribute Based
Encryption (KP-ABE) method is used to encrypt and manage
the secret key for Personal Domains (PSDs). In the proposed
HSS-EHRS system, we improve the security and fine grained
access control mechanisms of the current system. To overcome
limitations in the current best solution, two efficient encryption
methods are combined \for fine grained access control and
protection of data privacy. Multi-authority and key-based
encryption schemes are used for the encryption of the Quasi
Identifiers and Explicit Identifiers after vertical partitioning
method. Figure 2 describes the block diagram of the proposed
system.
In the proposed system, the data owners partition the EHR file
into three tables such as quasi identifiers, Explicit Identifiers
and a Medical Information table using a vertical data
partitioning method. Quasi Identifier and Explicit Identifier
tables are encrypted using a Key Policy Attribute Based
Encryption method and the access policy is encrypted using
Multi Authority Attribute Based Encryption. Then, the medical
information table along with those encrypted tables is published
in hybrid cloud. The key policy based encryption scheme
eliminates the user revocation problem in the current system.
Also implementing the MA-ABE scheme helps to increase the
scalability and provide fine grained access control to Electronic
Health Records. The policy can be developed based on the
recommended settings by the access policy system. The data
recipients in both PUDs and PSDs can access medical
information based on the dataset level. With the authorization
of EHR owners, they can directly access plaintext medical
records. Based on levels of authentication, recipients can merge
medical information with quasi identifiers or explicit identifiers
or both using Data merging components.

Fig. 1. Current system for Electronic Health Record in the Hybrid cloud

Fig. 2. Proposed System for Secure and Privacy Medical Data Access from Hybrid Cloud

187
Algorithm : Electronic Health Record (EHR) Encryption
Algorithm.
INPUT : Electronic Health Record File (D); (D) = { D1,D2…..Dn}.
Personal Domain Attribute Set (PSD);
PSD = {Apsd1,Apsd2,…….,Apsdn}, where A is attribute value
of personal recipient.
Public Domain Attribute set (PUD ); PUD = {A pud1,
Apud2,……,Apudn}.
OUTPUT : Encrypted File (De); De = { De1,De2,…Den}
with attributes of EID and QID.
Plaintext (Dp); Dp = {Dp1, Dp2, ….Dpn) with attributes of medical
information.
Anonymized table (Da); Da = { Da1,Da2,……Dan} with attributes of QID.
Initials: The original Electronic Health Record (D), Quasi Identifiers
(QID), Medical Information (MI), Explicit Identifiers (EID).
Assign NULL to both Da and De;
BEGIN:
Step 1: Input D,PUD and PSD;
Step 2: Encrypt QID and EID by extracting them from D;
For each i=1 and less than or equal to end of the record, n,
Repeat step 3 to 8 until end of the file reached.
Step 3: For each Aj element of EID U QID
Step 4: Dei(Aj)= E(KP-ABE)[ Di(Aj)] Using PSD attribute set.
Dei(Ak)= E(MA-ABE)[Dk(Aj)] Using PUD attribute set.
Step 5: Extract MI from D and store in Dp, as plaintext.
For each Aj element of MI
Dpi(Aj)= Di(Aj).
Step 6: Increment the value of i.
Step 7: Process the K-anonymization Partition for extracting QID from
D.
Step 8: For I =1 and less than or equal to end of the record, repeat the
until end of the file reached.
Step 9: For each Aj belong to QID
Dai(Aj) = Range (Ek), where di belongs to Ek.
Step 10: Store Output Da,Dp and De separately in Hybrid cloud
Step 11: END.
In the current solution, after partitioning the EMR file,
encryption of Quasi identifiers and Explicit Identifiers takes
place using an AES encryption method and the key is
encrypted using an RSA encryption method. In the proposed
algorithm, the explicit identifiers and Quasi-identifiers are
encrypted under a certain fine grained and role based access
policy for users from Public Domains (PUDs) and Personal
Domains (PSDs). In step 4, the data owner encrypts QID and
EID using a KP-ABE encryption method with a PSD attribute
set and a role based file access policy under an MA-ABE
encryption method with PUD attributes. In the Personal
Domain, a data owner gives access to EHR files to selected
users, such as family member or close friends. The privileged
access of different PSD users is different based on
relationship. The advantage of the proposed algorithm over
current solutions is that a Multi domain and multi authority
framework helps data owners key escrow problems, while
public users only need to contact the Attribute Authority for
a security key which reduces the overload for the Data owner.
In the current solution, traditional method is used for user
verification, while in the proposed system using security
domains so the recipient verification is easier.
V. IMPLEMENTATION OF HSS-EHRS SYSTEM.
The implementation of the HSS-EHRS system is based on
Windows Azure Cloud. We deployed our proposed system in
188
Windows azure Cloud and leveraged a Cloud web service
Azure SQL database and Virtual Machines. The
implementation of our HSS-EHRS mainly covers two phases.
In the first case, an Attribute Based Encryption Scheme such
as KP-ABE and MA-ABE is used for encrypting the EHR file
and fine grained access control. By using this encryption
method, we achieved a reduction in encryption time in the
proposed HSS-EHRS system. Also, we analyzed the Average
Response Time of HTTP requests to concurrent users in
Windows Azure cloud. The important elements of the
detailed design are Attribute Classification of EMR and Key
Distribution.
VI. RESULT AND DISCUSSION
A. Efficiency Based on Encryption time.
The result of the experiment on EHR encryption is shown in
table 1. For encryption, both current and proposed systems
only attribute values of Explicit Identifiers (EID) and Quasi
Identifiers (QID) are encrypted as cipher text. We conducted
the experiment with different sizes of EHR. Here, for the
current system, the data is encrypted using an Advanced
Encryption Standard (AES) method with key length 128. In
the proposed system, the attribute values are encrypted using
an Attribute based encryption method. In the private domain,
a Key policy Attribute based encryption is used and in the
public domain a Multi–Authority attribute based encryption
method is used. The encryption time of the current and
proposed system is shown in table 1, below. The proposed
system encryption time is based on the parameters,
exponential time for private domain Exp1=6.4ms and ExpT
=0.6ms for public domain and pairing time =2.5 ms. In the
case of the current system, the encryption time and security
is based on the key length and the number of pairings. To
carry out this experiment, we implemented both current and
proposed encryption techniques in java programming
language.
B. Average Response Time of HTTP request to concurrent
users in Windows Azure cloud.
The following table 2 shows the measurements of the
Average Response Time for a HTTP request for different
group sizes of users in private and public domains. For this
experiment, we deployed our proposed system in Windows
Azure Cloud and leveraged Cloud web services, Azure SQL
databases and Virtual machines. In the initial stage of this
experiment, we allocated sufficient SQL database and
Virtualized Web service in the server for handling any service
request. On the user side, concurrent users access the system
using different workload generation tools. Here, Apache
JMeter, workload generation tool is used for simulating 20
different groups of concurrent users from private and public
domains. This helps to evaluate the scalability of our
proposed system hosted in Windows Azure Cloud. From
table 4, it is clear that our proposed system with Windows
Azure Cloud configuration provides the best Quality service
in terms of response time for HTTP requests for web service
and query processing.
 TABLE I. ENCRYPTION TIME FOR CURRENT AND PROPOSED SYSTEM In contrast to the current system, the proposed system
guaranties a unified security framework for EHR sharing in
No.of Encryption multi-domain with multiple users. This framework provides
Input: EHR Attribut Time(ms) the facility of accessing EHR in public and personal domain
Type Size(Mb) es Proposed Current
system solution
with a strong access control mechanism. The proposed
[2] system provides the facility to users to choose their own
.doc 1 30 1593 4126.8 access policy for each EHR system. In our novel framework
.txt 5 35 4403.4 18378.4 we utilize the advantage of ABE scheme for EHR encryption,
.xlsx 10 40 5237.9 19671.9
so that data owners can allow access EHR by personal users
.Xlsx 20 45 6994.7 21899.3
.txt 50 50 8750.4 24470.7 as well as users from public domains with different roles.
.txt 70 55 10506.5 27442.4
VII. CONCLUSION.
.txt 100 60 12261.3 29906.6
.txt 150 65 15752.9 35441.3 The maintenance of EHRs in the cloud is an emerging field
.doc 200 70 17338.7 41198.9
in IT. However, there are concerns in terms of security and
.doc 250 75 19093.5 46150.2
.doc 300 80 21028.1 50423.8 privacy of data during storage and access. A significant
.doc 350 85 22717.6 55785.4 number of researchers have identified and implemented a
.txt 400 90 24474.5 59653.2 variety of security and privacy schemes. Yet, existing
.txt 450 95 26230.2 64867.1 methods often do not provide high degrees of security and
.txt 500 100 28167.3 68247.2 privacy of data in hybrid cloud.
.txt 550 105 29852.5 73112.8
.txt 600 110 31608.4 77599.5
In this paper, we propose a Hybrid Secure and Scalable
.doc 650 115 32962.8 85743.2 Electronic Health Record Sharing (HSS-EHRS) system,
.doc 700 120 35297.5 91870.5 whereby two cryptographic methods are utilized for
.doc 750 125 37904.7 95976.9 providing a flexible, secure and fine grained access to EHR
TABLE II. ENCRYPTION TIME FOR CURRENT AND PROPOSED SYSTEM files in hybrid cloud. The proposed framework divides the
system into two security domains and utilizes an ABE
Average response time of HTTP request (MS) encryption scheme to encrypt the EHR files. The proposed
Number
Proposed Current solution [2] system proved its efficiency based on encryption time and
of Users
System
1 120 133
concurrent recipient data access and sharing. The enhanced
6 135 139 MA-ABE encryption scheme is capable of handling on
12 153 157 demand recipient data access and providing high levels of
18 172 177 security.
22 190 198
25 195 201 REFERENCES
30 202 205
32 216 223
38 224 230 [1] Y. Chen, J. Lu and J. Jan, "A Secure EHR System Based on Hybrid
40 235 241 Clouds," Journal of Medical System, vol. 36, no. 5, p. 3375–3384,
2014. J. Clerk Maxwell, A Treatise on Electricity and Magnetism, 3rd
46 242 252
ed., vol. 2. Oxford: Clarendon, 1892, pp.68-73.
52 255 260
58 263 273 [2] J. J. Yang, J. Li and Y. Niu, "A Hybrid solution for privacy preserving
64 274 284 medical data sharing in cloud computing.," Future Generation
computer systems, vol. 43, no. 44, pp. 74-86, 2015.
72 286 295
80 297 309 [3] HIPPA, "104th United States Congress, Health Insurance Portability
85 312 319 and Accountability Act of 1996 (HIPPA) 1996.," 1996. [Online].
Available: http://aspe.hhs.gov/admnsimp/pl104191.htm.
94 321 332
98 336 349 [4] B. Coats and S. Acharya. S, "Bridging Electronic Health Record
110 353 366 Access to the Cloud.," IEEE 47th Hawaii International Conference on
System Science., pp. 2948-2957., 2014.
[5] K. Nagaty, "Mobile Health Care on a Secured Hybrid Cloud.," Cyber
In the proposed algorithm aspect, each patient (data owner) Journals, vol. 4, no. 2, 2014.
uses KP-ABE scheme for setup, key generation and [6] J. Meyer, "Open SOA Health Web Platform for Mobile Medical Apps:
revocation. In the case of encryption we use both KP-ABE Connecting Securely Mobile Devices with Distributed Electronic
Health Records and Medical Systems," IEEE, pp. 1-6, 2014.
and MA-ABE method, which guarantees confidentiality of
[7] A. Michalas, N. Paladi and C. Gehrmann, "Security Aspects of e-
Electronic Health Records against unauthorized access Health Systems Migration to the Cloud," IEEE 16th International
including curious cloud service providers. Also it helps to Conference on e-Health Networking, pp. 212-218, 2014.
maintain the collusion resistance. The decryption operation [8] J. Reardon, D. Basin and S. Capkun, "“Sok: Secure data deletion,” in
in our proposed system is quiet fast, because it includes only SecurityandPrivacy(SP)," IEEESymposiumon, pp. 301-315, 2013.
(Apud)+1 pairing operations. All operations including [9] H. Aljafera, Z. Malika and M. Alodibb, "A brief overview and an
encryption and decryption time, cost of key generation are experimental evaluation of data confidentiality measures on the cloud,"
Journal of Innovation in Digital Ecosystems, vol. 1, no. 1-2, pp. 1-11,
linear to the number of attributes. For 10 attribute, it takes December 2014.
only less than 500ms.

189
[10] S. Lu, R. Ranjan and P. Strazdins, "Reporting an experience on design
and implementation of e-Health systems on Azure cloud.," CSIRO
Computational Informatics., vol. 27, no. 10, pp. 2602-2615., 2015.
[11] M. N. Shrestha, A. Alsadoon, C. P. Prasad and Houran, "Enhanced e-
Health Framework for Security and Privacy in Healthcare.," IEEE, pp.
75-79., 2016.
[12] S. Suresh, "Highly Secured Cloud Based Personal Health Record
Model.," International Conference on Green Engineering and
Technologies (IC-GET), pp. 1-4, 2015.
[13] B. Wang, . B. Li and H. Li, "Oruta: Privacy-Preserving Public Auditing
for Shared Data in the Cloud," IEEE 5th International Conference, pp.
295-302., 2012.
[14] Z. Liu, J. Weng, J. Li, J. Yang, C. Fu and C. Jia, "Cloud-based
electronic health record system supporting fuzzy keyword search," Soft
Computing, vol. 20, no. 8, p. 3243–3255, 2016.
[15] Q. Zhang, M. F. Zhani, R. Boutaba and J. L. Heller, "Harmony:
Dynamic Heterogeneity-Aware Resource Provisioning in the Cloud,"
IEEE 33rd International Conference, pp. 510-519., 2013

190