phr system in secure domains

1. Securing PHR System by Employing Multi-Attribute
Records in Secure Domains
Mr.Dr.R.RajkumarBE.,M.Tech.,Ph.D.,& R.Boorangan M.sc CS
SCOPE, VIT University
rrajkumar@vit.ac.in mobile no:+91 9944649355
ABSTRACT
Personal health records (PHR) is totally patient controlled system which provides extra security
and scalability. All this information is stored on third party servers ie. cloud service providers.
Nowadays there are a lot of privacy concerns about PHR’s to prevent from unauthorized access.
In order to access our own PHRS, it needs to be encrypted before storing in cloud. Still there are
several challenges such as reliability, security, scalability which needs to overcome by any
efficient system. In this paper, we propose a novel patient-centric framework for data access
control to PHRs stored in semi-trusted servers. To achieve our goal of most secure and scalable
system we are adopting attribute based encryption to encrypt patient’s record. In our system we
have concentrated on multi-attribute records from different entities belonging to different
domains. Patient’s data security is maintained by employing multi-attribute records in secure
domains. This system will provide more flexibility to file attributes for storage in cloud. This
will also provide on demand user attribute annulment to emergency staff in serious conditions. I
am also trying to make the system authentication in offline environment.
Keyword – attribute based encryption, cloud computing, personal health record system, security
of data at rest, offline authentication, multi attribute records.
1 INTRODUCTION
1.1 BACKGROUND
In recent years, personal health record (PHR) has emerged as a patient-centric model of
health information exchange. A PHR service allows a patient to create, manage, and control
it’s personal health data in one place through the web, which has made the storage, retrieval,
and sharing of the medical information more efficient[14]. Especially, each patient is

2. promised the full control of her medical records and can share her health data with a wide
range of users, including healthcare providers, family members or friends. Due to the high
cost of building and maintaining specialized data centers, many PHR services are outsourced
to or provided by third-party service providers, for example, Microsoft HealthVault1[18].
While it is exciting to have convenient PHR services for everyone, there are many security
and privacy risks which could impede its wide adoption. The main concern is about whether
the patients could actually control the sharing of their sensitive personal health information
(PHI), especially when they are stored on a third-party server which people may not fully
trust. On the one hand, although there exist healthcare regulations such as HIPAA which is
recently amended to incorporate business associates, cloud providers are usually not covered
entities. On the other hand, due to the high value of the sensitive personal health information
(PHI), the third-party storage servers are often the targets of various malicious behaviors
which may lead to exposure of the PHI[23]. As a famous incident, a Department of Veterans
Affairs database containing sensitive PHI of 26.5 million military veterans, including their
social security numbers and health problems was stolen by an employee who took the data
home without authorization. To ensure patient-centric privacy control over their own PHRs,
it is essential to have fine-grained data access control mechanisms that work with semi-
trusted servers. A feasible and promising approach would be to encrypt the data before
outsourcing. Basically, the PHR owner herself should decide how to encrypt her files and to
allow which set of users to obtain access to each file. A PHR file should only be available to
the users who are given the corresponding decryption key, while remain confidential to the
rest of users. Furthermore, the patient shall always retain the right to not only grant, but also
revoke access privileges when they feel it is necessary. However, the goal of patient-centric
privacy is often in conflict with scalability in a PHR system. The authorized users may either
need to access the PHR for personal use or professional purposes. Examples of the former are
family member and friends, while the latter can be medical doctors, pharmacists, and
researchers, etc. We refer to the two categories of users as personal and professional users,
respectively. The latter has potentially large scale; should each owner herself be directly
responsible for managing all the professional users, she will easily be overwhelmed by the
key management overhead. In addition, since those user’s access requests are generally
unpredictable, it is difficult for an owner to determine a list of them. In a PHR system, there

3. are multiple owners who may encrypt according to their own ways, possibly using different
sets of cryptographic keys. We provide a thorough analysis of the complexity and scalability
of our proposed secure PHR sharing solution, in terms of multiple metrics in computation,
communication, storage and key management[19]. We also compare our scheme to several
previous ones in complexity, scalability and security. Furthermore, we demonstrate the
efficiency of our scheme by implementing it on a modern workstation and performing
experiments/simulations.
1.2 PROBLEM STATEMENT
PHR service is emerging model in health information exchange. It allows patients to create,
manage, control and share their health information with other users as well as healthcare
providers. In reality, a PHR service is likely to be hosted by third-party cloud service
providers in order to enhance its interoperability. However, there have been serious privacy
concerns about outsourcing patient’s PHR data to cloud servers, not only because cloud
providers are generally not covered entities under the “Health Insurance Portability and
Accountability Act” (HIPAA)[23], but also due to an increasing number of cloud data breach
incidents happened in recent years. To assure the patients’ control over access to their own
PHRs, it is a promising method to encrypt the PHRs before outsourcing. The system will
store all the related PHR’s on the semi trusted servers. To achieve fine grained access over
the patient’s record attribute based encryption (ABE) is used. Fine grained access over the
PHR records is necessary to ensure patient centric privacy control. One of the tasks facing
the medical community today is to represent the extensive terminology content that already
exists in this new medium.
2. PROPOSED WORK
2.1 METHODOLOGY
The main goal of our framework is to provide secure patient-centric PHR access and efficient
key management at the same time. The key idea is to divide the system into multiple security
domains (namely, public domains (PUDs) and personal domains (PSDs)) according to the
different users’ data access requirements. There are multiple “attribute authorities” (AAs)[5],

4. each governing a disjoint subset of attributes. Role attributes are defined for PUDs, representing
the professional role or obligations of a PUD user. Users in PUDs obtain their attribute-based
secret keys from the AAs, without directly interacting with the owners. To control access from
PUD users, owners are free to specify role-based fine-grained access policies for her PHR files,
while do not need to know the list of authorized users when doing encryption[22]. Since the
PUDs contain the majority of users, it greatly reduces the key management overhead for both the
owners and users. Each data owner (e.g., patient) is a trusted authority of her own PSD. The
users are personally known by the PHR owner, to realize patient-centric access, the owner is at
the best position to grant user access privileges on a case-by-case basis. For PSD, data attributes
are defined which refer to the intrinsic properties of the PHR data[20], such as the category of a
PHR file. For the purpose of PSD access, each PHR file is labeled with its data attributes, while
the key size is only linear with the number of file categories a user can access. Since the number
of users in a PSD is often small, it reduces the burden for the owner. When encrypting the data
for PSD, all that the owner needs to know is the intrinsic data properties.
2.2 MATERIAL
As this PHR based information is being stored in cloud so, I need to proceed with web based
application interface. All the logic related to interface and patient related framework is built in
standard HTML and JSP’s. All the data is stored on cloud space provided by Google app engine.
This application will be running in real time environment so all the possible queries for patient
details are provided on web interface. All PUD and PSD users are able to get details of patient
based on PHR –ID’s. The Google app engine has various API’s like data store, which will
enable admin to manage all the users in the application. In this application the admin can grant
access control to the public or private domain users. As more sensitive data is shared and stored
by third-party sites on the Internet, there will be a need to encrypt data stored at these sites.
2.3 SYSTEM ELEMENTS
In the figure1 drawn there is cloud server which is mainly used for storage all the data related to
patient. It is the central part of the framework. There are various entities such as PSD, PUD,
PHR owner, doctors and emergency staff which plays important role in accessing the PHR’s.

5. Among all these entities the main role is of PHR owner, because he is the one who will be
assigning the attributes to the either public domain users or personal domain users.
Figure 1: Elements of the System
2.4 SYSTEM FUNCTIONING
Figure 2: System functioning (Architecture)
Fig 2 represents the architecture of PHR records to be managed in cloud. In this cloud server
plays important role as it manages and stores all the records securely. Emergency staff will also
be able to get all the information about the patient. The remaining entities i.e. Medical

6. researcher, hospital staff and WHO can also get the information of patient either for research or
other activities.
2.4.1 PROCEDURE WITH EXAMPLE SNAPSHOTS
Snapshot 1: Main form
1. The new user will register with basic information to the personal health care portal. The
PHR-id will be sent to the registered mail id of the user as shown in snapshot 2.
Snapshot 2: Registration form

7. 2. The user will login to the PHR portal and fill the patient’s important details such as
allergy, HIV status and prescription. Then he will set the attributes to be set for that
particular record as shown in snapshot 3.
Snapshot 3: Uploading PHR
3. The newly registered user is PHR owner in our system, and then he will then check
whether he has received any request for allowing access to the patient’s information by
either personal domain which includes friends and family or public domain which
includes researchers, doctors and insurance companies as shown in above snapshot 3.
4. Now the person from personal domain is allowed to request for PHR-id of the patient.
Then that request is sent to the PHR owner. If PHR owner will accept the request then
secrete code is sent to mail id of the person who is making a request. Using that secrete
code that user can login in to the personal domain and get details about the PHR of
patient. See snapshot 4.
Snapshot 4: Personal Domain

8. 5. If in case any emergency staff need any information of patient then he will first registered
in the emergency domain with basic information. Then that staff will login in to the
emergency portal with PHR ID of the patient. Then after his request accepted by the
admin he also will receive secrete code on registered mail-id. Using this code that staff
can login to the portal and get details of patient. See snapshot 5.
Snapshot 5: PUD Registration
3. PROCESSING AT CLOUD SERVER
In above section we discuss the front end while in this we focus on how processing takes place in
background at cloud server. Below example the user is in PSD(personal domain) so have access
only to personal information and for encryption we use El-Gamal encryption.
NAME Raj
AGE 22
GENDER Male
MAIL ID Raj102@yahoo.com
ADDRESS 204 Boriwali, Mumbai
Table 1: Personal Information
Figure 3: Encrypted table 1 using elgamal encryption
624 520 616 552 72 656 776 848 80 520 568 552 72 400 400 80 568 552 624 544 552 656 72
616 776 864 808 80 616 520 584 608 256 584 544 72 656 776 848 392 384 400 512 968 776
832 888 888 368 792 888 872 520 544 544 656 552 664 664 72 400 384 416 256 528 888 912
840 952 776 864 840 352 256 616 936 872 784 776 840 256 80

9. NAME Raj
AGE 22
GENDER Male
MAIL ID Raj102@yahoo.com
ADDRESS 204 Boriwali, Mumbai
Table 2: Decrypted information by PSDs granted by owner according to their attributes
Similarly separate tables of medical history, prescription, and sensitive information is created
and encrypted with different keys using any encryption algorithm (here we have used El-gamal).
And according to the attributes of the user the accessibility of table and key is granted like for
hospitals no read/write to personal info.
4. CONCLUSION AND FUTURE WORK
In this paper, we have proposed a novel framework of secure sharing of personal health
records in cloud computing. Considering partially trustworthy cloud servers, we argue that to
fully realize the patient-centric concept, patients shall have complete control of their own
privacy through encrypting their PHR files to allow fine-grained access. The framework
addresses the unique challenges brought by multiple PHR owners and users, in that we
greatly reduce the complexity of key management while enhance the privacy guarantees
compared with previous works. We utilize ABE to encrypt the PHR data, so that patients can
allow access not only by personal users, but also various users from public domains with
different professional roles, qualifications and affiliations. Furthermore, we enhance an
existing MA-ABE scheme to handle efficient and on-demand user revocation, and prove its
security. Through implementation and simulation, we show that our solution is both scalable
and efficient.
Moreover, users should be able to just use the cloud storage as if it is local, without worrying
about the need to verify its integrity. Thus, enabling public audit ability for cloud storage is
of critical importance so that users can resort to a third-party auditor (TPA) to check the
integrity of outsourced data and be worry free. To securely introduce an effective TPA, the
auditing process should bring in no new vulnerabilities toward user data privacy, and

10. introduce no additional online burden to user. In this paper, we propose
a secure cloud storage system supporting privacy-preserving public auditing.
5. REFERENCES
[1] M. Li, S. Yu, K. Ren, and W. Lou, “Securing personal health records in cloud
computing: Patient-centric and fine-grained data access control in multi-owner settings,” in
SecureComm’10, Sept. 2010, pp. 89–106.
[2] H. Lohr, A.-R. Sadeghi, and M. Winandy, “Securing the e-health cloud,” in Proceedings
of the 1st ACM International Health Informatics Symposium, ser. IHI ’10, 2010, pp. 220–
229.
[3] M. Li, S. Yu, N. Cao, and W. Lou, “Authorized private keyword search over encrypted
personal health records in cloud computing,” in ICDCS ’11, Jun. 2011.
[4] “The health insurance portability and accountability act.” [Online]. Available:
http://www.cms.hhs.gov/HIPAAGenInfo/01 Overview.asp
[5] “Google, microsoft say hipaa stimulus rule doesn’t apply to them,”
http://www.ihealthbeat.org/Articles/2009/4/8/.
[6] “At risk of exposure – in the push for electronic medical records, concern is growing
about how well privacy can be safeguarded,” 2006. [Online]. Available:
http://articles.latimes.com/2006/jun/26/health/he-privacy26
[7] K. D. Mandl, P. Szolovits, and I. S. Kohane, “Public standards and patients’ control: how
to keep electronic medical records accessible but private,” BMJ, vol. 322, no. 7281, p. 283,
Feb. 2001.
[8] J. Benaloh, M. Chase, E. Horvitz, and K. Lauter, “Patient controlled encryption: ensuring
privacy of electronic medical records,” in CCSW ’09, 2009, pp. 103–114.
[9] S. Yu, C. Wang, K. Ren, and W. Lou, “Achieving secure, scalable, and fine-grained data
access control in cloud computing,” in IEEE INFOCOM’10, 2010.
[10] C. Dong, G. Russello, and N. Dulay, “Shared and searchable encrypted data for
untrusted servers,” in Journal of Computer Security, 2010.
[11] V. Goyal, O. Pandey, A. Sahai, and B. Waters, “Attribute-based encryption for fine-
grained access control of encrypted data,” in CCS ’06, 2006, pp. 89–98.

11. [12] M. Li, W. Lou, and K. Ren, “Data security and privacy in wireless body area networks,”
IEEEWireless Communications Magazine, Feb. 2010.
[13] A. Boldyreva, V. Goyal, and V. Kumar, “Identity-based encryption with efficient
revocation,” in ACM CCS, ser. CCS ’08, 2008, pp. 417–426.
[14] L. Ibraimi, M. Petkovic, S. Nikova, P. Hartel, and W. Jonker, “Ciphertext-policy
attribute-based threshold decryption with flexible delegation and revocation of user
attributes,” 2009.
[15] S. Yu, C. Wang, K. Ren, and W. Lou, “Attribute based data sharing with attribute
revocation,” in ASIACCS’10, 2010.
[16] S. Narayan, M. Gagn´e, and R. Safavi-Naini, “Privacy preserving ehr system using
attribute-based infrastructure,” ser. CCSW ’10, 2010, pp. 47–52.
[17] X. Liang, R. Lu, X. Lin, and X. S. Shen, “Patient self-controllable access policy on phi
in ehealthcare systems,” in AHIC 2010, 2010.
[18] L. Ibraimi, M. Asim, and M. Petkovic, “Secure management of personal health records
by applying attribute-based encryption,” Technical Report, University of Twente, 2009.
[19] J. Bethencourt, A. Sahai, and B. Waters, “Ciphertext-policy attribute-based encryption,”
in IEEE S& P ’07, 2007, pp. 321–334.
[20] J. A. Akinyele, C. U. Lehmann, M. D. Green, M. W. Pagano, Z. N. J. Peterson, and A.
D. Rubin, “Self-protecting electronic medical records using attribute-based encryption,”
Cryptologye Print Archive, Report 2010/565, 2010, http://eprint.iacr.org/.