Abstract— Cloud computing has become an integral part of the operation of health care. However, there are major security and privacy issues in terms of accessing medical records from a hybrid cloud environment. In this paper, a new secure hybrid Electronic Health Record system is proposed. In this framework, two efficient encryption methods are combined for fine-grained access control and protection of data privacy. Multi-authority and Key-based encryption schemes are used for the encryption of each part of a health record after dividing those records using a vertical partitioning method. Multi-authority encryption schemes are primarily used in the Public Domains (PUDs), while Key-based encryption schemes are prevalent in the Personal Domains (PSDs). Together, they provide secure data access and authentication of users. Implementation is facilitated using the Windows Azure cloud computing platform.

Keywords— Privacy, security, Electronic health records, Hybrid cloud, Data access, Authentication.

I. INTRODUCTION

The capacity of cloud computing to store and share large amounts of information globally has made this technology highly useful for the health industry [1]. Electronic Health Record (EHR) systems consist of a large amount of electronic health information which, with the help of cloud computing, can be easily and effectively managed and shared, providing access to the personal health information of patients. The high cost of building and maintaining EHR systems leads health organizations to migrate to the cloud or to outsource services from cloud health service providers such as Google Health. The benefit of multiple deployment models in a hybrid cloud has increased the interest of health industries in hosting their EHR applications on hybrid infrastructures. This development has heightened the problem of security and privacy in terms of access to EHRs. To overcome the challenges created by the inclusion of cloud computing, and to protect the medical data, it is crucial to have a fine-grained access control method and an effective authentication scheme. To achieve this and maintain the security of sensitive information, encryption is the most suitable method.

The aim of this project is to propose a hybrid solution for sharing EHRs in a hybrid cloud environment while preserving security and privacy. To achieve fine-grained access control for EHRs, we innovatively combine two Attribute Based Encryption (ABE) techniques to encrypt each patient's EHR file. The remainder of this paper is organized as follows: Section 2 reviews relevant literature. Section 3 analyses the best current solution, identifying limitations and mitigations and discussing the proposed system. Implementation details for the proposed system together with its logical design are given in Sections 4 and 5 respectively. Section 6 analyses the implementation results. The conclusion and future research are discussed in Section 7.

II. LITERATURE REVIEW

A. Impact of Cloud security and privacy in EHR

Over the last decade, cloud computing has grown as a new service model, leading to the establishment of numerous cloud-based data centers as cost-effective platforms for hosting large-scale service applications. However, notwithstanding considerable benefits and services, the problem of security and privacy of medical data access has been significant for service providers. To mitigate this, researchers have proposed numerous techniques and methods. The authors of [2] have proposed a practical hybrid solution for secure data access in the cloud, which ensures high data reliability, security and integrity by combining statistical and cryptographic techniques. The aim of this model is to provide flexible and secure medical data access with maximum data utilization and privacy protection.

Others have focused on an effective and secure Electronic Health Record (EHR) system that meets cloud security requirements through confidentiality, integrity, availability, non-repudiation, protection of patient medical information, and privacy, as in [1]. These researchers have introduced a secure EHR system which meets the requirements of the Health Insurance Portability and Accountability Act [3]. Similarly, [4] introduce a user-friendly framework for health providers which helps to secure electronic health record access using a hybrid cloud. In this framework, the authors ensure fine-grained access control by implementing strong authentication and efficient encryption algorithms.

B. Survey of Mobile EHR Cloud Architecture

Several researchers have also concentrated on developing an architecture for a mobile health cloud and have presented a detailed survey of the problems caused by mobile computing. The authors of [5] propose a mobile health application by integrating cryptography, a mobile application, and Role Based Access Control in a hybrid cloud. This system helps to speed up and improve medical services by means of providing security and privacy. The authors of [6] implement an Open SOA web platform suitable for mobile health applications. This system provides features such as secure online access to patients' vital signs and gives guidelines to patients based on those signs. Similarly, [7] have presented a detailed survey of security requirements while
partitioning method. Quasi Identifier and Explicit Identifier tables are encrypted using a Key Policy Attribute Based Encryption method, and the access policy is encrypted using Multi Authority Attribute Based Encryption. Then, the medical information table along with those encrypted tables is published in the hybrid cloud. The key policy based encryption scheme eliminates the user revocation problem in the current system. Also, implementing the MA-ABE scheme helps to increase scalability and provide fine-grained access control to Electronic Health Records. The policy can be developed based on the settings recommended by the access policy system. The data recipients in both PUDs and PSDs can access medical information based on the dataset level. With the authorization of EHR owners, they can directly access plaintext medical records. Based on levels of authentication, recipients can merge medical information with quasi identifiers or explicit identifiers or both using the data merging components.
Fig. 1. Current system for Electronic Health Record in the Hybrid cloud
Fig. 2. Proposed System for Secure and Privacy Medical Data Access from Hybrid Cloud
Algorithm: Electronic Health Record (EHR) Encryption Algorithm.
INPUT: Electronic Health Record File (D); D = {D1, D2, ..., Dn}.
       Personal Domain Attribute Set (PSD); PSD = {Apsd1, Apsd2, ..., Apsdn}, where A is an attribute value of a personal recipient.
       Public Domain Attribute Set (PUD); PUD = {Apud1, Apud2, ..., Apudn}.
OUTPUT: Encrypted File (De); De = {De1, De2, ..., Den} with attributes of EID and QID.
        Plaintext (Dp); Dp = {Dp1, Dp2, ..., Dpn} with attributes of medical information.
        Anonymized table (Da); Da = {Da1, Da2, ..., Dan} with attributes of QID.
Initials: The original Electronic Health Record (D), Quasi Identifiers (QID), Medical Information (MI), Explicit Identifiers (EID).
Assign NULL to both Da and De;
BEGIN:
Step 1: Input D, PUD and PSD;
Step 2: Encrypt QID and EID by extracting them from D;
        For each i = 1 up to the end of the record, n, repeat steps 3 to 8 until the end of the file is reached.
Step 3: For each Aj element of EID ∪ QID
Step 4:     Dei(Aj) = E(KP-ABE)[Di(Aj)] using the PSD attribute set.
            Dei(Ak) = E(MA-ABE)[Dk(Aj)] using the PUD attribute set.
Step 5: Extract MI from D and store it in Dp as plaintext.
        For each Aj element of MI
            Dpi(Aj) = Di(Aj).
Step 6: Increment the value of i.
Step 7: Process the K-anonymization partition for extracting QID from D.
Step 8: For i = 1 up to the end of the record, repeat the following until the end of the file is reached.
Step 9:     For each Aj belonging to QID
                Dai(Aj) = Range(Ek), where di belongs to Ek.
Step 10: Store the outputs Da, Dp and De separately in the hybrid cloud.
Step 11: END.

In the current solution, after partitioning the EMR file, encryption of Quasi Identifiers and Explicit Identifiers takes place using an AES encryption method, and the key is encrypted using an RSA encryption method. In the proposed algorithm, the Explicit Identifiers and Quasi Identifiers are encrypted under a fine-grained, role based access policy for users from the Public Domains (PUDs) and Personal Domains (PSDs). In step 4, the data owner encrypts QID and EID using a KP-ABE encryption method with a PSD attribute set, and a role based file access policy under an MA-ABE encryption method with PUD attributes. In the Personal Domain, a data owner gives access to EHR files to selected users, such as family members or close friends. The privileged access of different PSD users differs based on their relationship. The advantage of the proposed algorithm over current solutions is that a multi-domain and multi-authority framework helps data owners with key escrow problems, while public users only need to contact the Attribute Authority for a security key, which reduces the overhead for the data owner. In the current solution, a traditional method is used for user verification, while the proposed system uses security domains, so recipient verification is easier.

V. IMPLEMENTATION OF HSS-EHRS SYSTEM

The implementation of the HSS-EHRS system is based on Windows Azure Cloud. We deployed our proposed system in Windows Azure Cloud and leveraged a cloud web service, Azure SQL database and Virtual Machines. The implementation of our HSS-EHRS mainly covers two phases.

In the first phase, an Attribute Based Encryption scheme such as KP-ABE and MA-ABE is used for encrypting the EHR file and for fine-grained access control. By using this encryption method, we achieved a reduction in encryption time in the proposed HSS-EHRS system. Also, we analyzed the Average Response Time of HTTP requests to concurrent users in Windows Azure cloud. The important elements of the detailed design are Attribute Classification of EMR and Key Distribution.

VI. RESULT AND DISCUSSION

A. Efficiency Based on Encryption Time

The result of the experiment on EHR encryption is shown in Table 1. For encryption, in both the current and proposed systems only the attribute values of Explicit Identifiers (EID) and Quasi Identifiers (QID) are encrypted as cipher text. We conducted the experiment with different sizes of EHR. Here, for the current system, the data is encrypted using the Advanced Encryption Standard (AES) with a key length of 128 bits. In the proposed system, the attribute values are encrypted using an Attribute Based Encryption method. In the private domain, a Key Policy Attribute Based Encryption is used, and in the public domain a Multi-Authority Attribute Based Encryption method is used. The encryption time of the current and proposed systems is shown in Table 1, below. The proposed system encryption time is based on the parameters exponentiation time for the private domain Exp1 = 6.4 ms, ExpT = 0.6 ms for the public domain, and pairing time = 2.5 ms. In the case of the current system, the encryption time and security are based on the key length and the number of pairings. To carry out this experiment, we implemented both the current and proposed encryption techniques in the Java programming language.

B. Average Response Time of HTTP Request to Concurrent Users in Windows Azure Cloud

The following Table 2 shows the measurements of the Average Response Time for an HTTP request for different group sizes of users in the private and public domains. For this experiment, we deployed our proposed system in Windows Azure Cloud and leveraged cloud web services, Azure SQL databases and Virtual Machines. In the initial stage of this experiment, we allocated sufficient SQL database and virtualized web service capacity in the server for handling any service request. On the user side, concurrent users access the system using different workload generation tools. Here, the Apache JMeter workload generation tool is used for simulating 20 different groups of concurrent users from the private and public domains. This helps to evaluate the scalability of our proposed system hosted in Windows Azure Cloud. From Table 2, it is clear that our proposed system with the Windows Azure Cloud configuration provides the best quality of service in terms of response time for HTTP requests for web service and query processing.
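As an added example (not the paper's own code), the following Python implements the vertical partitioning and k-anonymization steps of the EHR encryption algorithm above (Steps 2 to 9): EID and QID values go to the encrypted table De, medical information stays in the plaintext table Dp, and the QID table Da is generalized into ranges over equivalence classes of at least k records. KP-ABE and MA-ABE are not implemented here; the `encrypt(scheme, attrs, value)` hook, the attribute names, the domain attribute sets and the records are all constructed assumptions.

```python
# Added example, not the paper's code: vertical partitioning of an EHR into the
# encrypted EID/QID table De and plaintext MI table Dp (Steps 2-6), plus
# k-anonymous range generalization of the QID table Da (Steps 7-9). KP-ABE and
# MA-ABE are not implemented: `encrypt` is an assumed hook standing in for them.
from collections import Counter

EID = ("name", "ssn")     # explicit identifiers: encrypted, never published in clear
QID = ("age", "zip")      # quasi identifiers: encrypted in De, generalized in Da
MI = ("diagnosis",)       # medical information: stored as plaintext in Dp

RECORDS = [  # constructed sample D = {D1, ..., D5}
    {"name": "A", "ssn": "s1", "age": 23, "zip": 4000, "diagnosis": "flu"},
    {"name": "B", "ssn": "s2", "age": 25, "zip": 4001, "diagnosis": "asthma"},
    {"name": "C", "ssn": "s3", "age": 31, "zip": 4100, "diagnosis": "flu"},
    {"name": "D", "ssn": "s4", "age": 34, "zip": 4102, "diagnosis": "cold"},
    {"name": "E", "ssn": "s5", "age": 52, "zip": 4200, "diagnosis": "cold"},
]

def partition(records, encrypt, psd, pud):
    """Steps 2-6: each EID/QID value is encrypted once under the PSD attribute
    set (KP-ABE) and once under the PUD attribute set (MA-ABE); MI stays clear."""
    de, dp = [], []
    for rec in records:
        de.append({a: {"psd": encrypt("KP-ABE", psd, rec[a]),
                       "pud": encrypt("MA-ABE", pud, rec[a])} for a in EID + QID})
        dp.append({a: rec[a] for a in MI})  # no identifier is copied into Dp
    return de, dp

def k_anonymize(records, k):
    """Steps 7-9: sort by QID tuple, cut into equivalence classes E_k of at
    least k records, and replace each QID value by the (min, max) range of its
    class, so every Da row is shared by at least k records."""
    order = sorted(range(len(records)), key=lambda i: tuple(records[i][a] for a in QID))
    classes = [order[i:i + k] for i in range(0, len(order), k)]
    if len(classes) > 1 and len(classes[-1]) < k:  # fold an undersized tail class
        classes[-2].extend(classes.pop())
    da = [None] * len(records)
    for cls in classes:
        rng = {a: (min(records[i][a] for i in cls), max(records[i][a] for i in cls))
               for a in QID}
        for i in cls:
            da[i] = rng
    return da

def is_k_anonymous(da, k):
    """Check that every generalized QID tuple occurs at least k times."""
    counts = Counter(tuple(row[a] for a in QID) for row in da)
    return all(c >= k for c in counts.values())

def stand_in_encrypt(scheme, attrs, value):
    # Placeholder only: it labels which scheme and attribute set would govern
    # decryption and provides no secrecy. Swap in a real KP-ABE / MA-ABE call.
    return f"{scheme}[{','.join(attrs)}]({value})"
```

Calling `partition(RECORDS, stand_in_encrypt, ("family",), ("doctor", "nurse"))` and `k_anonymize(RECORDS, 2)` yields the three tables that Step 10 would store separately; `is_k_anonymous` is the check to run on Da before publishing it.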
TABLE I. ENCRYPTION TIME FOR CURRENT AND PROPOSED SYSTEM

Input EHR type   Size (MB)   No. of attributes   Encryption time (ms), proposed system   Encryption time (ms), current solution [2]
.doc             1           30                  1593                                    4126.8
.txt             5           35                  4403.4                                  18378.4
.xlsx            10          40                  5237.9                                  19671.9
.xlsx            20          45                  6994.7                                  21899.3
.txt             50          50                  8750.4                                  24470.7
.txt             70          55                  10506.5                                 27442.4
.txt             100         60                  12261.3                                 29906.6
.txt             150         65                  15752.9                                 35441.3
.doc             200         70                  17338.7                                 41198.9
.doc             250         75                  19093.5                                 46150.2
.doc             300         80                  21028.1                                 50423.8
.doc             350         85                  22717.6                                 55785.4
.txt             400         90                  24474.5                                 59653.2
.txt             450         95                  26230.2                                 64867.1
.txt             500         100                 28167.3                                 68247.2
.txt             550         105                 29852.5                                 73112.8
.txt             600         110                 31608.4                                 77599.5
.doc             650         115                 32962.8                                 85743.2
.doc             700         120                 35297.5                                 91870.5
.doc             750         125                 37904.7                                 95976.9

TABLE II. AVERAGE RESPONSE TIME OF HTTP REQUEST FOR CURRENT AND PROPOSED SYSTEM

Number of users   Average response time of HTTP request (ms)
                  Proposed system   Current solution [2]
1                 120               133
6                 135               139
12                153               157
18                172               177
22                190               198
25                195               201
30                202               205
32                216               223
38                224               230
40                235               241
46                242               252
52                255               260
58                263               273
64                274               284
72                286               295
80                297               309
85                312               319
94                321               332
98                336               349
110               353               366

In the proposed algorithm, each patient (data owner) uses the KP-ABE scheme for setup, key generation and revocation. In the case of encryption we use both the KP-ABE and MA-ABE methods, which guarantees the confidentiality of Electronic Health Records against unauthorized access, including by curious cloud service providers. It also helps to maintain collusion resistance. The decryption operation in our proposed system is quite fast, because it includes only (Apud)+1 pairing operations. All operations, including encryption and decryption time and the cost of key generation, are linear in the number of attributes. For 10 attributes, it takes less than 500 ms.

In contrast to the current system, the proposed system guarantees a unified security framework for EHR sharing in a multi-domain setting with multiple users. This framework provides the facility of accessing EHRs in the public and personal domains with a strong access control mechanism. The proposed system provides the facility for users to choose their own access policy for each EHR system. In our novel framework we utilize the advantage of the ABE scheme for EHR encryption, so that data owners can allow access to EHRs by personal users as well as by users from public domains with different roles.

VII. CONCLUSION

The maintenance of EHRs in the cloud is an emerging field in IT. However, there are concerns in terms of security and privacy of data during storage and access. A significant number of researchers have identified and implemented a variety of security and privacy schemes. Yet, existing methods often do not provide high degrees of security and privacy of data in the hybrid cloud.

In this paper, we propose a Hybrid Secure and Scalable Electronic Health Record Sharing (HSS-EHRS) system, whereby two cryptographic methods are utilized for providing flexible, secure and fine-grained access to EHR files in the hybrid cloud. The proposed framework divides the system into two security domains and utilizes an ABE encryption scheme to encrypt the EHR files. The proposed system proved its efficiency based on encryption time and concurrent recipient data access and sharing. The enhanced MA-ABE encryption scheme is capable of handling on-demand recipient data access and providing high levels of security.

REFERENCES

[1] Y. Chen, J. Lu and J. Jan, "A Secure EHR System Based on Hybrid Clouds," Journal of Medical Systems, vol. 36, no. 5, pp. 3375-3384, 2014. J. Clerk Maxwell, A Treatise on Electricity and Magnetism, 3rd ed., vol. 2. Oxford: Clarendon, 1892, pp. 68-73.
[2] J. J. Yang, J. Li and Y. Niu, "A Hybrid solution for privacy preserving medical data sharing in cloud computing," Future Generation Computer Systems, vol. 43, no. 44, pp. 74-86, 2015.
[3] HIPAA, "104th United States Congress, Health Insurance Portability and Accountability Act of 1996 (HIPAA)," 1996. [Online]. Available: http://aspe.hhs.gov/admnsimp/pl104191.htm.
[4] B. Coats and S. Acharya, "Bridging Electronic Health Record Access to the Cloud," IEEE 47th Hawaii International Conference on System Science, pp. 2948-2957, 2014.
[5] K. Nagaty, "Mobile Health Care on a Secured Hybrid Cloud," Cyber Journals, vol. 4, no. 2, 2014.
[6] J. Meyer, "Open SOA Health Web Platform for Mobile Medical Apps: Connecting Securely Mobile Devices with Distributed Electronic Health Records and Medical Systems," IEEE, pp. 1-6, 2014.
[7] A. Michalas, N. Paladi and C. Gehrmann, "Security Aspects of e-Health Systems Migration to the Cloud," IEEE 16th International Conference on e-Health Networking, pp. 212-218, 2014.
[8] J. Reardon, D. Basin and S. Capkun, "SoK: Secure data deletion," in Security and Privacy (SP), IEEE Symposium on, pp. 301-315, 2013.
[9] H. Aljafera, Z. Malika and M. Alodibb, "A brief overview and an experimental evaluation of data confidentiality measures on the cloud," Journal of Innovation in Digital Ecosystems, vol. 1, no. 1-2, pp. 1-11, December 2014.
[10] S. Lu, R. Ranjan and P. Strazdins, "Reporting an experience on design and implementation of e-Health systems on Azure cloud," CSIRO Computational Informatics, vol. 27, no. 10, pp. 2602-2615, 2015.
[11] M. N. Shrestha, A. Alsadoon, C. P. Prasad and Houran, "Enhanced e-Health Framework for Security and Privacy in Healthcare," IEEE, pp. 75-79, 2016.
[12] S. Suresh, "Highly Secured Cloud Based Personal Health Record Model," International Conference on Green Engineering and Technologies (IC-GET), pp. 1-4, 2015.
[13] B. Wang, B. Li and H. Li, "Oruta: Privacy-Preserving Public Auditing for Shared Data in the Cloud," IEEE 5th International Conference, pp. 295-302, 2012.
[14] Z. Liu, J. Weng, J. Li, J. Yang, C. Fu and C. Jia, "Cloud-based electronic health record system supporting fuzzy keyword search," Soft Computing, vol. 20, no. 8, pp. 3243-3255, 2016.
[15] Q. Zhang, M. F. Zhani, R. Boutaba and J. L. Heller, "Harmony: Dynamic Heterogeneity-Aware Resource Provisioning in the Cloud," IEEE 33rd International Conference, pp. 510-519, 2013.