Ensuring Privacy and Security in Data Sharing under Cloud Environment

An important application of data sharing in the cloud environment is the storage and retrieval of Patient Health Records (PHR) that maintain the patient's personal and diagnosis information. These records should be maintained with privacy and security for safe retrieval. The privacy mechanism protects the sensitive attributes. The security schemes are used to protect the data from public access. The data are allowed to be accessed only by authorized individuals. Each party is assigned access permission for a set of attributes. Data owners update the patient data into third party cloud data centers. The attribute based encryption (ABE) scheme is used to secure these patient records. Multiple owners are allowed to access the same data values. The Multi Authority Attribute Based Encryption (MA-ABE) scheme is used to provide a multiple authority based access control mechanism due to its vast access. The MA-ABE model is not tuned to provide an identity based access mechanism, and a distributed storage model is not supported in the MA-ABE model. The proposed system is designed to provide an identity based encryption facility. The attribute based encryption scheme is enhanced to handle a distributed attribute based encryption process. Data update and key management operations are tuned for a multi-user access environment.


International Journal of Computer Applications Technology and Research, Volume 2, Issue 2, 188-194, 2013, www.ijcat.com

Shilpa Elsa Abraham, Nandha Engineering College, Erode, India
R. Gokulavanan, Nandha Engineering College, Erode, India

Keywords: personal health records, cloud computing, multi-authority attribute-based encryption, distributed environment, attribute based encryption

1. INTRODUCTION

Cloud computing is the use of computing resources, hardware or software, that are delivered as a service over a network. Cloud computing enables resource sharing to achieve the best utility over a network; resources are shared on a need basis in the best possible manner under clouds. The sharing of Personal Health Records (PHR) among a wide range of personnel has been identified as an important application in the field of cloud computing. A personal health record is a health record in which health data and information related to the care of a patient are maintained by the patient himself. The purpose of a PHR is to provide accurate medical details about the patient, which can also be accessed online. A PHR can cover a wide variety of information including prescription reports, family history, allergy details, laboratory test results and so on.

In recent years, the personal health record has emerged as a prominent patient-centric model of health information exchange. The patient himself is the core owner of his/her data. This record enables the patient to create and control her medical data, which are placed in a data center from where different individuals access the data values. These data centers
incur heavy cost in their construction and maintenance. Therefore, many PHR services are outsourced to or provided by third-party service providers like Microsoft HealthVault and Google Health.

The data outsourced to service providers are largely consumed by a wide variety of individuals. Hence the need for security and privacy in personal health records is an important issue. This brings the idea of encrypting the data before outsourcing them to the servers. To ensure the best policy, it is the patient herself who should encrypt the data and determine which users shall have access in what manner. This often conflicts with scalability, since there is a wide variety of personnel who try to access the PHR data. The data access may be for professional or personal purposes, and the users are categorized accordingly as professional users and personal users. Professional users include doctors, researchers, lab technicians etc., whereas personal users include family members and friends. This large scale of users may lead to key management overhead upon the patient. In order to overcome this overhead, a central authority (CA) has been appointed to perform key management of professional users [1]. But this again requires too much trust in a single authority, which poses a serious challenge. Key management of personal users, however, has been managed by the patient herself.

This leads to the adoption of a new encryption pattern, namely Attribute Based Encryption (ABE) [2]. In ABE, it is the attributes of the users or of the data that select the access policies, which enables a patient to selectively share her PHR among a set of users by encrypting the file under a set of attributes, without the need to know a complete list of users. As a result, the number of attributes involved determines the complexity of encryption, key generation and decryption.
The Multi Authority Attribute Based Encryption (MA-ABE) scheme is used to provide a multiple authority based access control mechanism. Each authority is permitted to run its own copy of SW, and the results are then combined so as to achieve encryption [3].

2. ACCESS CONTROL

Access controls are security features that control how users and systems communicate and interact with one another. According to the (ISC)2 Candidate Information Bulletin, access control is the collection of mechanisms that permits managers of a system to exercise a directing or restraining influence over the behavior, use, and content of a system. Access control mechanisms can be grouped into four main classes: discretionary, mandatory, role-based and attribute based [4]. A system that uses discretionary access control (DAC) allows the owner of the resource to specify which subjects can access which resources. The authorization rules explicitly state which subjects can execute which actions on which resources. Mandatory Access Control (MAC) is a type of access control in which only the administrator manages the access controls. The administrator defines the access policy, which cannot be modified or changed by users, and the policy indicates who has access to which programs and files. In a role-based access control (RBAC) model, access control is based on users' roles and on rules defining which roles can perform which actions on which resources. Finally, in an attribute based access control model (ABAC), access is controlled based on users' attributes.

2.1 Attribute Based Access Control

Attribute Based Access Control uses attributes as building blocks that define access control rules and describe access requests. These attributes are sets of labels or properties that can be used to describe all the entities that must be considered for authorization purposes, i.e., access is controlled not by the rights that are possessed by the user, but by the attributes of the user.
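As an added illustration of the attribute based model described in this section (example code, not from the paper): a small policy evaluator in which each policy is a logic formula of claims over the requester's attributes, of the "older than 18" kind, with deny-by-default for attributes the requester does not carry and for document classes that have no policy. The attribute names, the three document-class policies and the requests are constructed samples.

```python
"""Attribute based access control (ABAC) policy evaluator (added example, not code from the paper).
A policy is a small logic formula over the requester's attributes, such as "older than 18" or
"role is doctor"; access is granted when the formula holds, so the PHR owner never needs to
enumerate individual users. Attribute names, policies and requests are constructed samples."""
from typing import Any, Dict, Tuple

Attributes = Dict[str, Any]
Policy = Tuple[Any, ...]
# Policy grammar:
#   ("attr", name, op, value)   leaf claim; op is one of the keys of _OPS
#   ("and", p1, p2, ...)        every sub-policy holds
#   ("or", p1, p2, ...)         at least one sub-policy holds
#   ("not", p)                  negation
_OPS = {
    "==": lambda a, b: a == b,
    "!=": lambda a, b: a != b,
    ">":  lambda a, b: a > b,
    ">=": lambda a, b: a >= b,
    "<":  lambda a, b: a < b,
    "<=": lambda a, b: a <= b,
    "in": lambda a, b: a in b,
}

def evaluate(policy: Policy, attrs: Attributes) -> bool:
    """Evaluate a policy against a requester's attributes. A claim on an attribute the
    requester does not carry, or that cannot be compared, is false (deny by default)."""
    kind = policy[0]
    if kind == "attr":
        _, name, op, value = policy
        if name not in attrs:
            return False
        try:
            return bool(_OPS[op](attrs[name], value))
        except TypeError:            # e.g. a string where a number was expected
            return False
    if kind == "and":
        return all(evaluate(p, attrs) for p in policy[1:])
    if kind == "or":
        return any(evaluate(p, attrs) for p in policy[1:])
    if kind == "not":
        return not evaluate(policy[1], attrs)
    raise ValueError(f"unknown policy node: {kind!r}")

# Constructed policies for three classes of PHR documents. "role" and "hospital" are the kind
# of attribute a public-domain attribute authority would certify; "relation" is a personal-domain
# attribute the owner assigns herself.
POLICIES: Dict[str, Policy] = {
    "lab_results": ("or",
                    ("attr", "role", "==", "doctor"),
                    ("and", ("attr", "role", "==", "lab_technician"),
                            ("attr", "hospital", "==", "city-general"))),
    "research_view": ("and",
                      ("attr", "role", "==", "researcher"),
                      ("attr", "age", ">", 18)),          # the "older than 18" claim
    "family_summary": ("attr", "relation", "in", {"spouse", "parent", "child"}),
}

def check_access(requester: Attributes, doc_class: str) -> bool:
    """Grant or deny a request for a document class; unknown classes are denied."""
    policy = POLICIES.get(doc_class)
    return policy is not None and evaluate(policy, requester)

def revoke(requester: Attributes, attribute: str) -> Attributes:
    """Model of attribute revocation: the authority withdraws an attribute, so later
    requests are evaluated without it (the on-demand revocation goal of Section 3.1)."""
    return {k: v for k, v in requester.items() if k != attribute}
```

Claims are evaluated only over attributes the requester actually presents, and a comparison that fails (a string age against a number) is treated as an unsatisfied claim rather than an error, so a malformed attribute can never widen access.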
An attribute-based access control policy specifies certain claims that need to be satisfied in order to grant access to a resource. For instance the claim could be "older than 18". Any user that can prove this claim is granted access. This is the basic concept of attribute based access control.

3. PROBLEM DOMAIN

Now the problem is extended to a wider range, where a number of PHR owners and users are involved; this is a bigger system environment. The owners are patients whose medical related data are being controlled and maintained, and the users are those who try to access them. There exists a central server where owners place their sensitive medical data and which users attempt to gain access to. Users access the PHR documents through the server in order to read or write to someone's PHR, and a user can simultaneously have access to multiple owners' data. This leads to the need for Multi-Authority Attribute Based Encryption (MA-ABE). However, MA-ABE supports neither identity based access control nor distributed access [5]. Hence this paper focuses on providing distributed access control to the PHR data by extending MA-ABE.

3.1 Design Goals

An important requirement of efficient PHR access is to enable "patient-centric" sharing. This means that the patient should have the ultimate control over her personal health record: she determines which users shall have access to her medical record. User controlled read/write access and revocation are the two core security objectives for any electronic health record system [6]. User controlled write access control in the PHR context entails preventing unauthorized users from gaining access to the record and modifying it. Fine grained access control should be enforced in the sense that different users are authorized to read different sets of documents [7].

The main goal of our framework is to provide secure patient-centric PHR access and efficient key management at the same time. Yet another design goal is on-demand revocation.
These two objectives form the core of the paper. Whenever a user's attribute is no longer valid, the user should not be able to access future PHR files using that attribute. This is usually called attribute revocation [8]. The PHR system should support users from both the personal domain and the public domain. Since the set of users from the public domain may be large in size and unpredictable, the system should be highly scalable in terms of complexity in key management, communication, computation and storage. Additionally, the owners' efforts in managing users and keys should be minimized for usability.

4. SOLUTION FRAMEWORK

As the main goal of the system is to provide secure access to PHRs in a patient-centric manner together with efficient key management, the proposed idea is twofold.

Fig 1. Sharing of PHR

First, the system is divided into multiple security domains, the personal domain (PSD) and the public domain (PUD). Each domain controls only a subset of its users. For each security domain, one or more authorities are assigned to govern the access of
data. For the personal domain it is the owner of the PHR herself who manages the record and performs key management. This is less laborious, since the number of users in the personal domain is comparatively small and they are personally connected to the owner. On the other hand, the public domain consists of a large number of professional users and therefore cannot be managed easily by the owner herself. Hence it puts forward a new set of public attribute authorities (AA) to govern disjoint subsets of attributes distributively. Users from different sectors initially obtain attribute based secret keys from their attribute authorities on submission of their identity information. This attribute based key can be used to obtain authorized access to the medical records. In addition, AAs may also grant write keys to certain users based on their privilege; these users are only permitted to make the desired changes to the PHR record. In practice, the PUD can be related to independent sectors like health care, insurance, education etc. Hence, public domain users need not communicate with the PHR owner in order to obtain access; instead they need only communicate with the attribute authorities. The involvement of attribute authorities thus greatly reduces the management overhead of PHR owners.

Secondly, so as to achieve security of health records, a new encryption pattern, namely attribute based encryption (ABE), is adopted. Data are classified according to their attributes. In certain cases, users may also be classified accordingly into roles. The PHR owner encrypts her record under a selected set of attributes, and those users that satisfy those attributes can obtain the decryption key in order to access the data. However, in the new solution pattern, an advanced version of ABE called multi-authority ABE (MA-ABE) is used.
In this encryption scheme, many attribute authorities operate simultaneously, each handing out secret keys for a different set of attributes.

4.1 Multi-Authority ABE

A Multi-Authority ABE system is comprised of k attribute authorities and one central authority. Each attribute authority is also assigned a value, d_k. The system uses the following algorithms:

Set up: A randomized algorithm that is run by the central authority or some other trusted authority. It takes as input the security parameter and outputs a public key, secret key pair for each of the attribute authorities, and also outputs a system public key and master secret key which will be used by the central authority.

Attribute Key Generation: A randomized algorithm run by an attribute authority. It takes as input the authority's secret key, the authority's value d_k, a user's GID, and a set of attributes in the authority's domain, and outputs a secret key for the user.

Central Key Generation: A randomized algorithm that is run by the central authority. It takes as input the master secret key and a user's GID and outputs a secret key for the user.

Encryption: A randomized algorithm run by a sender. It takes as input a set of attributes for each authority, a message, and the system public key, and outputs the ciphertext.

Decryption: A deterministic algorithm run by a user. It takes as input a ciphertext, which was encrypted under an attribute set, and decryption keys for that attribute set. This decryption algorithm outputs a message m.

4.2 Security Analysis of the Proposed System

i) Fine-grainedness of Access Control: In the proposed scheme, the data owner is able to define and enforce an expressive and flexible access structure for each user. Specifically, the access structure of each user is defined as a logic formula over data file
attributes, and is able to represent any desired data file set.

ii) Data Confidentiality: The proposed scheme discloses the information about each user's access on the PHR among one another. For example, the data revealed to a research scholar may be unknown to a lab technician.

iii) User Access Privilege Confidentiality: The system does not reveal the privileges of one user to another. This ensures user access privilege confidentiality. This is maintained for the public domain as well as the private domain.

5. SECURE SHARING OF PERSONAL HEALTH RECORDS USING DISTRIBUTED ABE

The system is designed to manage Patient Health Records (PHR) in an environment with different kinds of user access. The data values are maintained under a third party cloud provider system. Data privacy and security are assured by the system. The privacy attributes are selected by the patients. The data can be accessed by different parties. The key values are maintained and distributed to the authorities. The system is enhanced to support the Distributed ABE model. A user identity based access mechanism is also provided in the system. The system is divided into six major modules: data owner, cloud provider, key management, security process, authority analysis and client.

5.1 Data Owner

The data owner module is designed to maintain the patient details. The attribute selection model is used to select sensitive attributes. Patient Health Records (PHR) are maintained with different attribute collections. The data owner assigns access permissions to various authorities.

5.2 Cloud Provider

The cloud provider module is used to store the PHR values. The PHR values are stored in databases. The data owner uploads the encrypted PHR to the cloud providers. User access information is also maintained under the cloud provider.

5.3 Key Management

The key management module is designed to manage key values for different authorities.
Key values are uploaded by the data owners. The key management process includes key insert and key revocation tasks. A dynamic policy based key management scheme is used in the system.

5.4 Security Process

The security process handles the Attribute Based Encryption operations. Different encryption tasks are carried out for each authority. Attribute groups are used to allow role based access. Data decryption is performed under the user environment.

5.5 Authority Analysis

The authority analysis module is designed to verify the users with their roles. Authority permissions are initiated by the data owners. Authority based key values are issued by the key management server. The key and associated attributes are provided by the central authority.

5.6 Client

The client module is used to access the patients' records. Personal and professional access models are used in the system. The access category is used to provide different attributes. The client access log maintains the user request information for the auditing process.
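The following added example (not the paper's code, nor Chase's) models the five MA-ABE algorithms of Section 4.1 together with the key insert task of Section 5.3. The authorities, thresholds, user identities and the record are constructed. It uses Shamir secret sharing over a prime field in place of the bilinear-group construction of the real scheme, so it demonstrates the per-authority thresholds d_k and the binding of every user's keys to its GID (shares pooled from two different users do not combine), but it is not a secure encryption scheme in its own right: an authorized decryptor here recovers the master secret y0 itself, which the real scheme prevents by keeping all of these values in the exponent.

```python
"""Structural model of the MA-ABE algorithms of Section 4.1 (added example, not the paper's code).
Authority k gives a user Shamir shares of a polynomial with constant term F_k(GID); the central
authority gives y0 - sum_k F_k(GID), so only pieces issued to the SAME GID sum to y0. The real
scheme keeps these values in the exponent of a bilinear group; this prime-field model shows the
per-authority thresholds and the GID binding, but an authorized decryptor here learns y0 itself."""
import hashlib, hmac, secrets
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

P = (1 << 127) - 1   # toy field modulus (a Mersenne prime); G is the fixed base
G = 3

def _h(*parts: str) -> int:
    return int.from_bytes(hashlib.sha256("|".join(parts).encode()).digest(), "big") % P

def _keystream(k: bytes, n: int) -> bytes:
    return b"".join(hashlib.sha256(k + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))[:n]

def _interpolate_at_zero(points: List[Tuple[int, int]]) -> int:
    """Lagrange interpolation over GF(P): recover p(0) from deg(p)+1 points of p."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num, den = num * -xj % P, den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total

@dataclass
class AttributeAuthority:
    name: str
    attributes: List[str]   # disjoint from every other authority's attribute set
    d: int                  # d_k: shares needed from this authority to decrypt
    prf_key: bytes = field(default_factory=lambda: secrets.token_bytes(32))
    _polys: Dict[str, List[int]] = field(default_factory=dict)

    def user_value(self, gid: str) -> int:
        """F_k(GID): a PRF of the global identity, known to this and the central authority."""
        return int.from_bytes(hmac.new(self.prf_key, gid.encode(), "sha256").digest(), "big") % P

    def attribute_keygen(self, gid: str, attrs: List[str]) -> Dict[str, Tuple[int, int]]:
        """Attribute Key Generation: one share per granted attribute of the user's degree d-1
        polynomial (p(0) = F_k(GID)); the polynomial is kept per GID so that attributes
        inserted later (Section 5.3 key insert) still combine with the earlier shares."""
        poly = self._polys.setdefault(gid, [self.user_value(gid)] + [secrets.randbelow(P) for _ in range(self.d - 1)])
        keys = {}
        for a in attrs:
            if a not in self.attributes:
                raise ValueError(f"{a!r} is not governed by authority {self.name}")
            x = _h(self.name, a) or 1   # public, attribute-specific evaluation point
            keys[a] = (x, sum(c * pow(x, i, P) for i, c in enumerate(poly)) % P)
        return keys

@dataclass
class CentralAuthority:
    authorities: List[AttributeAuthority]
    master_secret: int = field(default_factory=lambda: secrets.randbelow(P - 1) + 1)

    def setup(self) -> int:
        """Set up: the system public key Y = G^y0 (each authority's secret key is its prf_key)."""
        return pow(G, self.master_secret, P)

    def central_keygen(self, gid: str) -> int:
        """Central Key Generation: y0 - sum_k F_k(GID), completing this GID's shares to y0."""
        return (self.master_secret - sum(a.user_value(gid) for a in self.authorities)) % P

def encrypt(public_key: int, attr_sets: Dict[str, List[str]], message: bytes) -> dict:
    """Encryption: pick s, derive K from Y^s, and state the required attribute set of every authority."""
    s = secrets.randbelow(P - 2) + 1
    k = hashlib.sha256(pow(public_key, s, P).to_bytes(16, "big")).digest()
    body = bytes(m ^ z for m, z in zip(message, _keystream(k, len(message))))
    return {"c0": pow(G, s, P), "attrs": attr_sets, "body": body, "tag": hmac.new(k, body, "sha256").digest()}

def decrypt(authorities: List[AttributeAuthority], ct: dict, user_keys: Dict[str, Dict[str, Tuple[int, int]]],
            central_key: int) -> Optional[bytes]:
    """Decryption: interpolate F_k(GID) per authority from d_k matching shares, add the central key
    to reach y0, derive K from c0^y0 and verify the tag; None when the user is not authorized."""
    total = central_key
    for auth in authorities:
        mine = user_keys.get(auth.name, {})
        usable = [mine[a] for a in ct["attrs"].get(auth.name, []) if a in mine]
        if len(usable) < auth.d:
            return None                   # below threshold d_k at this authority
        total = (total + _interpolate_at_zero(usable[:auth.d])) % P
    k = hashlib.sha256(pow(ct["c0"], total, P).to_bytes(16, "big")).digest()
    if not hmac.compare_digest(hmac.new(k, ct["body"], "sha256").digest(), ct["tag"]):
        return None                       # shares did not sum to y0 (e.g. pooled across GIDs)
    return bytes(b ^ z for b, z in zip(ct["body"], _keystream(k, len(ct["body"]))))

def demo() -> Dict[str, bool]:
    """Constructed scenario: hospital authority (d=2) and insurer authority (d=1); three users."""
    hospital = AttributeAuthority("hospital", ["doctor", "nurse", "cardiology"], d=2)
    insurer = AttributeAuthority("insurer", ["auditor"], d=1)
    ca, auths = CentralAuthority([hospital, insurer]), [hospital, insurer]
    record = b"PHR#42 (constructed): ECG normal, no medication"
    ct = encrypt(ca.setup(), {"hospital": ["doctor", "cardiology"], "insurer": ["auditor"]}, record)
    keys = {u: {"hospital": hospital.attribute_keygen(u, h), "insurer": insurer.attribute_keygen(u, ["auditor"])}
            for u, h in {"asha": ["doctor"], "ben": ["nurse", "cardiology"], "carl": ["doctor"]}.items()}
    keys["asha"]["hospital"].update(hospital.attribute_keygen("asha", ["cardiology"]))   # later key insert
    pooled = {"hospital": {**keys["carl"]["hospital"], "cardiology": keys["ben"]["hospital"]["cardiology"]},
              "insurer": keys["carl"]["insurer"]}
    return {"authorized": decrypt(auths, ct, keys["asha"], ca.central_keygen("asha")) == record,
            "below_threshold": decrypt(auths, ct, keys["ben"], ca.central_keygen("ben")) is None,
            "pooled_across_gids": decrypt(auths, ct, pooled, ca.central_keygen("carl")) is None}
```

In demo(), Asha receives her second hospital attribute in a later key insert and still decrypts, because the authority keeps one polynomial per GID; Ben holds only one of the two hospital attributes the ciphertext requires and is stopped by the threshold; Carl's doctor share pooled with Ben's cardiology share interpolates to neither user's F_k(GID), so the recovered key fails the tag check. Attribute revocation is not modelled here.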
6. DESIGN ISSUES

The system scalability is enhanced using ABE and MA-ABE. There are some limitations in the practicality of using them in building PHR systems. For example, in workflow-based access control scenarios, the data access right could be given based on users' identities rather than their attributes, which ABE does not handle efficiently. In those scenarios one may consider the use of attribute-based broadcast encryption. In addition, the expressibility of our encryptor's access policy is somewhat limited by that of MA-ABE, since it only supports a conjunctive policy across multiple AAs. In practice, the credentials from different organizations may be considered equally effective, in which case distributed ABE schemes will be needed. The following drawbacks are identified in the existing system: a user identity based access control mechanism is not supported, and dynamic policy management is yet another issue.

Advantages of the system are as follows:
• Distributed environment
• Security of sensitive fields
• Break glass access for emergency situations
• On-demand revocation

7. CONCLUSION

The patient health records are maintained in a data server under the cloud environment. A novel framework for secure sharing of personal health records under a distributed environment in cloud computing has been proposed in this paper. Public and personal access models are designed with security and privacy enabled mechanisms. The framework addresses the unique challenges brought by multiple PHR owners and users, in that the complexity of key management is greatly reduced while guaranteeing privacy compared with previous works. The attribute-based encryption model is enhanced to support distributed ABE operations with MA-ABE. The system is improved to support a dynamic policy management model. Thus, patient health records are maintained with security and privacy.
It is a server choice based security model and possesses central key management with attribute authorities.

8. REFERENCES

[1] M. Li, S. Yu, K. Ren, and W. Lou, "Securing personal health records in cloud computing: Patient-centric and fine-grained data access control in multi-owner settings," in SecureComm'10, Sept. 2010, pp. 89–106.
[2] M. Li, S. Yu, and W. Lou, "Scalable and Secure Sharing of Personal Health Records in Cloud Computing using Attribute-based Encryption," IEEE Transactions on Parallel and Distributed Systems, 2012.
[3] M. Chase, "Multi-Authority Attribute Based Encryption," Computer Science Department, Brown University.
[4] X. Liang, R. Lu, X. Lin, and X. S. Shen, "Ciphertext policy attribute based encryption with efficient revocation," Technical Report, University of Waterloo, 2010.
[5] S. Müller, S. Katzenbeisser, and C. Eckert, "Distributed attribute-based encryption," Information Security and Cryptology – ICISC 2008, pp. 20–36, 2009.
[6] H. Löhr, A.-R. Sadeghi, and M. Winandy, "Securing the e-health cloud," in Proceedings of the 1st ACM International Health Informatics Symposium, ser. IHI '10, 2010, pp. 220–229.
[7] V. Goyal, O. Pandey, A. Sahai, and B. Waters, "Attribute-based encryption for fine-grained access control of encrypted data," in CCS '06, 2006, pp. 89–98.
[8] S. Yu, C. Wang, K. Ren, and W. Lou, "Attribute based data sharing with attribute revocation," in ASIACCS'10, 2010.
[9] M. Li, W. Lou, and K. Ren, "Data security and privacy in wireless body area networks," IEEE Wireless Communications Magazine, Feb. 2010.
[10] M. Li, S. Yu, N. Cao, and W. Lou, "Authorized private keyword search over encrypted personal health records in cloud computing," in ICDCS '11, Jun. 2011.
[11] A. Lewko and B. Waters, "Decentralizing attribute-based encryption," Advances in Cryptology – EUROCRYPT, pp. 568–588, 2011.
[12] S. Narayan, M. Gagné, and R. Safavi-Naini, "Privacy preserving EHR system using attribute-based infrastructure," ser. CCSW '10, 2010, pp. 47–52.
[13] X. Liang, R. Lu, X. Lin, and X. S. Shen, "Patient self-controllable access policy on PHI in e-healthcare systems," in AHIC 2010, 2010.
[14] S. Yu, C. Wang, K. Ren, and W. Lou, "Achieving secure, scalable, and fine-grained data access control in cloud computing," in IEEE INFOCOM'10, 2010.
[15] C. Dong, G. Russello, and N. Dulay, "Shared and searchable encrypted data for untrusted servers," in Journal of Computer Security, 2010.
[16] S. Ruj, A. Nayak, and I. Stojmenovic, "DACC: Distributed access control in clouds," in 10th IEEE TrustCom, 2011.
[17] S. Müller, S. Katzenbeisser, and C. Eckert, "Distributed attribute based encryption," Information Security and Cryptology – ICISC 2008, pp. 20–36, 2009.
[18] "Privacy-preserving personal health record system using attribute-based encryption," Master's thesis, Worcester Polytechnic Institute, 2011.
