CPLM: Cloud Facilitated Privacy Shielding Leakage
Resilient Mobile Health Monitoring
R.Jasmine Anita
(M. Tech) Dept. of CSE
SITE
Tirupati, India
jasmineanitar@gmail.com
A.Narayana Rao
Asst. Professor, Dept. of CSE
SITE
Tirupati, India
Abstract— Cloud-assisted mobile health (mHealth)
monitoring is a revolutionary approach to provide decision
support in the health care sector. It employs mobile
communications and cloud computing technologies to provide
timely feedback. Its main objective is to not only improve the
quality of healthcare service but also to decrease the healthcare
expenditure. In spite of the benefits it offers, the acceptance of such a mobile health monitoring system suffers when it does not shield the privacy of the patients' data and of the health care service providers' data. As a result, the wide deployment of mHealth technology is hindered and patients' willingness to get involved in such a mobile health care monitoring program is reduced. Cloud Facilitated Privacy Shielding Leakage Resilient Mobile Health Monitoring (CPLM) addresses the aforementioned limitations by offering a privacy shield to the involved parties and their data, in addition to handling side channel attacks. To take into account the resource constraints of the parties involved, the outsourcing decryption technique and a key private proxy re-encryption are used to shift the computational complexity of the privacy shielding scheme to the cloud without compromising the privacy of the clients or of the service providers. The side channel attack is handled by implementing a Virtual Machine Policing approach.
Keywords— Key private proxy re-encryption, Privacy Shield,
Outsourcing decryption, Virtual Machine Policing.
I. Introduction
Mobile devices especially smart phones attached with
low cost sensors have found their application in every field in
and around the world. Employing such smart phones improves
the health care service quality in terms of time and effort. One
of the successful examples of mobile health applications in the
developing countries is the Remote Mobile Health
Monitoring. MediNet is a successfully launched project which
has been designed to be used in the remote places of the
Caribbean countries. It was launched by Microsoft and has
been employed to monitor the health condition of the patients
suffering from diabetes and cardiovascular diseases [1]. When such a remote mHealth monitoring system is used, various
physiological data ranging from blood pressure to blood
glucose could be collected by deploying detachable sensors in
wireless body sensor networks. The collected physiological
data could be then transferred to a central server. The server
in turn would then run various web medical applications on
these data to return timely feedback to the patient. With the
emergence and evolution of the cloud computing technologies,
the Software as a Service (SaaS) model and the pay-as-you-go
business model can be incorporated in cloud computing to
provide a feasible solution. This would allow small health care
service providers to perform well in the health care market.
Cloud facilitated mHealth monitoring promises
improved health care services and reduced health care costs.
In spite of the many promises offered, to make this technology
a reality one has to overcome a stumbling block. While
collecting, storing, diagnosing, communicating and
computing, there is a chance that the privacy of the patients is
breached. This calls for proper addressing of the data
management in a mHealth monitoring system. Statistics reveal
that around 75% of the Americans attach utmost significance
to the privacy of their personal health information [2]. A study
also reveals [3] that patients’ concern regarding the privacy
breach of their health data could deteriorate the willingness of
the patients to be involved in such health care monitoring
programs. This privacy apprehension will be inflamed owing
to the increase in the privacy breaches involving electronic
data.
Many organizations collect patients’ personal health
data [4] and the data is shared with insurance organizations,
research organizations or even other government institutions.
The activities of the health care service providers should be
restricted efficiently to achieve real protection to patients’
personal data as a study reveals [5] that privacy laws could not
guarantee a privacy shield to the patients’ personal health data.
Conventional privacy protection techniques work by
detaching personal identity information such as names or
social security number or by using anonymization techniques.
Such conventional techniques are not an effective means to
deal with the privacy of mobile health care systems owing to
the increase in the amount and diversity of personally
identifiable information [6]. Personal Identifiable Information
(PII) can be defined as any piece of information related to a
uniquely identifiable individual [7]. In practice however any
piece of information can be transformed in to personal
identifiable information [6]. The mobile health monitoring
system offers a tremendous opportunity to intruders to lay
123
INTERNATIONAL ASSOCIATION OF ENGINEERING & TECHNOLOGY FOR SKILL DEVELOPMENT
2nd INTERNATIONAL CONFERENCE ON CURRENT TRENDS IN ENGINEERING RESEARCH
ISBN : 378 - 26 - 138420 - 6
www.iaetsd.in
their hands on a large quantity of information which could be
used to ultimately identify the corresponding individual. This
calls for the utmost attention as an intruder may be able to
identify the corresponding individual using such sensitive
information [8], [9]. Conventional anonymization techniques
have been used to handle the privacy issues. K-anonymity and
l-diversity are instances of such anonymization techniques. It
has been shown that such techniques are not sufficient to
completely prevent re-identification [6]. It is our ardent belief
that the proposed CPLM will not only serve as a feasible
solution to the privacy related problems in a mobile health
care system but also will serve as an alternative solution to the
privacy-sensitive users.
To address the security and the privacy, cryptography
is a viable solution. While using cryptographic techniques, one
significant problem that needs to be taken into consideration is
the increased computational complexity. In the cloud
computing environment, discretion calls for shifting intensive
computations to the cloud servers from the mobile devices
where resources are constrained. To successfully shift the
computations from the mobile devices to the cloud server
without compromising privacy and security is challenging and
calls for a thorough investigation.
The CPLM design emphasizes insider attacks.
Such attacks could be carried out by insiders either with a
malicious or a benign intent. It is very important to design a
privacy shielding mechanism to counteract the insider attacks
without failing to maintain equilibrium between implementing
privacy constraints and maintaining the normal operations of
the mobile health systems. The problem is aggravated in the
case of cloud facilitated mobile health systems as it is
extremely essential to not only ensure that the privacy of the
clients’ data is shielded but also to ensure that the results are
shielded from the cloud servers as well as the health care
service providers aka the companies.
The CPLM scheme enables the health care service
provider aka the company to be offline after the initial stage
and ensures that the data or programs delivered to the cloud is
done securely. The outsourcing decryption technique [10] is incorporated into the multi-dimensional range queries system
in order to shift the computational complexity from the client
to the cloud server. The proxy re-encryption scheme ensures
that the computational complexity is shifted to the cloud from
the company as the company has to perform encryption only
once.
II. SYSTEM MODEL
The Cloud facilitated Privacy Shielding Leakage Resilient Mobile Health Monitoring system (CPLM) comprises four parties: the cloud server (aka the cloud), the health care service provider which provides the mobile health monitoring service (aka the company), the clients, and a semi-trusted authority (STA). The monitoring data or program is encrypted prior to
its storage in the cloud server. The clients collect their
personal medical data and the data is stored in their mobile
devices. The data is then transformed into tokens. The
transformed tokens are delivered as inputs to the encrypted
monitoring program stored in the cloud server through a
mobile device. The responsibility of generating and
distributing tokens or private keys lies with a semi trusted
authority. The STA collects a service fee from the clients as
per a business model for instance pay-as-you-go business
model. The STA can be considered as a confederate or an ally
for a company or multiple companies. The company and the
STA can connive to obtain personal health data from the client
tokens or input vectors. In this CPLM design it is assumed that
the cloud server is neutral, in other words it is assumed that
the cloud does not connive with the company or a client to
cause damage to the other side. It is still possible for the cloud
to connive with the other entities of the CPLM such as the
STA and it is left for future consideration. It is also assumed
that an individual client doesn’t connive with other clients.
CPLM involves five major phases: SecParam, Setup, Store, TokenGen and Query. To start with, the cloud server
determines the rate at which the Police VM is scheduled based
on the inputs from the clients and the company. At the
initialization step, the STA runs the Setup phase which results
in the publishing of the system parameters. The next phase
corresponds to the Store algorithm in which the mobile health
monitoring program is expressed as a branching program. The
branching program is encrypted. The resulting cipher text and
the company index are delivered to the cloud by the company.
When a client wants to access the cloud for a mobile
health monitoring program, the j-th client in collaboration with
the STA runs the TokenGen algorithm. The j-th client sends
the company index and the private query input to the STA, the
STA in turn inputs its master secret key to the algorithm. This
results in the generation of tokens which are supplied to the
client. In this entire process, the STA doesn’t obtain any non-
trivial information about the submitted query.
During the final phase, the tokens are delivered by the client to the cloud, which in turn runs the Query phase. A major chunk of the computationally intensive task of decryption is performed by the cloud, and the partially decrypted text is returned to the client. The client decrypts the partially decrypted text to obtain the decryption result. During the entire process the cloud can deduce no significant information about either the client's private query or the decryption result, nor from any other information it receives from the client.
III. SOME PRELIMINARIES AND
BUILDING BLOCKS
A. Bilinear Maps
Pairing is one of the building blocks of the CPLM design.
An efficiently computable, non-degenerate function e : G × G → G_T that satisfies the bilinearity property defines a pairing. The bilinearity property states that e(g^p, g^q) = e(g, g)^{pq} for any p, q ∈ Z_q^*, where Z_q^* denotes the non-zero elements of the finite field modulo q, and G and G_T are multiplicative groups of prime order q generated by g and e(g, g) respectively.
B. Branching Program
A binary branching program is a triplet ({m1, …, mk}, L,
R). The first element of the triplet is a set of nodes in the
binary branching tree. The internal nodes represent the
intermediate decision nodes while the leaf nodes represent the
label nodes. A decision node is represented as an attribute-
threshold pair (ai, ti), where ai represents the attribute index
and ti represents the threshold value. The attribute value
supplied by the client vai is compared with the threshold value
ti. At each decision node i, if vai ≤ ti then L(i) becomes the
index of the next node. If vai > ti then R(i) becomes the index
of the next node. The label nodes contain classification
information. The nodes are traversed starting from the root
node by comparing the value supplied by the client with the
threshold value until one of the label nodes is reached.
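As an added illustration (this is not code from the paper), the following Python evaluates a binary branching program given as the triplet ({m_1, …, m_k}, L, R) exactly as described above, and also applies the node permutation Q with Q[1] = 1 that the Store step later uses, to show that relabelling the nodes does not change the classification. The program, attribute meanings and the client's values are constructed for the example.

```python
# Added example (not from the paper): evaluating a binary branching program
# ({m_1..m_k}, L, R) from Section III.B and relabelling its nodes by a random
# permutation Q with Q[1] = 1, as the Store step of Section IV does.
import random

# A decision node is an (attribute index, threshold) pair; a label node carries
# classification text. Node indices are 1-based as in the paper.
DECISION, LABEL = "decision", "label"

def make_program():
    """Constructed toy program: attribute 1 = fasting glucose (mg/dL),
    attribute 2 = systolic blood pressure (mmHg). Purely illustrative."""
    nodes = {
        1: (DECISION, (1, 125)),      # glucose <= 125 ?
        2: (DECISION, (2, 140)),      # systolic <= 140 ?
        3: (LABEL, "consult: elevated glucose"),
        4: (LABEL, "normal"),
        5: (LABEL, "consult: elevated blood pressure"),
    }
    L = {1: 2, 2: 4}   # next node when v_{a_i} <= t_i
    R = {1: 3, 2: 5}   # next node when v_{a_i} >  t_i
    return nodes, L, R

def validate(nodes, L, R):
    """Every decision node must have both children and they must exist."""
    for i, (kind, _) in nodes.items():
        if kind == DECISION:
            if i not in L or i not in R:
                raise ValueError(f"decision node {i} lacks a child")
            if L[i] not in nodes or R[i] not in nodes:
                raise ValueError(f"decision node {i} points to a missing node")

def evaluate(program, v, root=1):
    """Walk from the root comparing v[a_i] with t_i until a label node is
    reached. v is 1-based: v[a] is the client's value for attribute a.
    Returns (label, path of visited node indices)."""
    nodes, L, R = program
    validate(nodes, L, R)
    i, path = root, []
    for _ in range(len(nodes)):          # bound guards against a cyclic program
        path.append(i)
        kind, payload = nodes[i]
        if kind == LABEL:
            return payload, path
        a, t = payload
        i = L[i] if v[a] <= t else R[i]
    raise ValueError("no label node reached: program is not a tree")

def permute(program, Q):
    """Relabel node i as Q[i] (Q a permutation of 1..k with Q[1] = 1): the
    'permuted order' under which the cloud stores the per-node ciphertexts."""
    nodes, L, R = program
    return ({Q[i]: n for i, n in nodes.items()},
            {Q[i]: Q[j] for i, j in L.items()},
            {Q[i]: Q[j] for i, j in R.items()})

def random_permutation(k, rng=random):
    """Random Q over [1, k] with Q[1] = 1, as required in the Store step."""
    rest = list(range(2, k + 1))
    rng.shuffle(rest)
    return dict(zip(range(1, k + 1), [1] + rest))

if __name__ == "__main__":
    prog = make_program()
    client = {1: 110, 2: 150}          # constructed attribute vector
    print(evaluate(prog, client))      # ('consult: elevated blood pressure', [1, 2, 5])
    Q = random_permutation(len(prog[0]), random.Random(7))
    print(evaluate(permute(prog, Q), client, root=Q[1]))
```

Here the comparison runs in the clear; in CPLM the company never sees v, and the cloud only ever sees node indices in the permuted order, which is why the traversal order alone reveals nothing about the program's structure.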
C. Homomorphic Encryption
In CPLM, additive homomorphic public-key encryption
technique is used. In homomorphic encryption, if HE(p) and
HE(q) are two encrypted messages, then the encryption of the
addition of the two messages is obtained as follows HE(p+q) =
HE(p) * HE(q), where * is an operation in the cipher text
space. In CPLM homomorphic encryption is used to obtain
tokens corresponding to the client attribute vector.
D. MDRQs Based Anonymous IBE
Shi et al. [12] first proposed Multi-Dimensional Range Queries (MDRQs). In the MDRQ system the sender encrypts a message under a range [er1, er2] or under a C-bit datum v. A receiver with a private key corresponding to the range [er1, er2] or to the C-bit datum v can decrypt the message. The encrypted cipher text protects not only the privacy of the message but also the range or the datum under which the message is encrypted.
In MDRQs, a C-level binary tree is constructed to represent the C-bit data or the range. The root of the C-level binary tree is labelled ⊥. The left child of an internal node s is labelled s0 and the right child is labelled s1. The leaf nodes from left to right are labelled with the strings 0, 0, · · · , 0 to 1, 1, · · · , 1, corresponding to all possible C-bit data.
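The page does not spell out how an identity representation set such as S_[0; t] or S_v is derived from this tree. The following Python, added here and not taken from the paper or from Shi et al.'s implementation, builds the C-level tree labels as described above and uses the standard prefix-cover construction from Shi et al. [12]: a range is represented by the smallest set of node labels whose subtrees tile it, a value by the labels on its root-to-leaf path, and the value lies in the range exactly when the two sets share one node. That shared node is the single identity under which a client can decrypt the branch ciphertext at a decision node. The root label ⊥ is written as the empty string.

```python
# Added example (not the paper's code): the C-level binary tree of Section
# III.D and the prefix-cover construction from Shi et al.'s MDRQ scheme.
# Labels: root '' (the paper's ⊥), left child of s is s+'0', right child s+'1';
# a leaf label is the C-bit value itself.

def path_ids(v, C):
    """S_v: labels of all nodes on the root-to-leaf path of the C-bit value v."""
    if not (0 <= v < 2 ** C):
        raise ValueError("value must be a C-bit integer")
    bits = format(v, f"0{C}b")
    return [bits[:i] for i in range(C + 1)]      # '', b1, b1b2, ..., full leaf

def range_ids(lo, hi, C):
    """S_[lo, hi]: the minimal set of node labels whose subtrees exactly tile
    the integer range [lo, hi]. At most 2*C labels are returned."""
    if not (0 <= lo <= hi < 2 ** C):
        raise ValueError("range must lie within the C-bit domain")
    out = []

    def walk(label, node_lo, node_hi):
        if node_hi < lo or node_lo > hi:         # subtree disjoint from the range
            return
        if lo <= node_lo and node_hi <= hi:      # subtree fully inside the range
            out.append(label)
            return
        mid = (node_lo + node_hi) // 2
        walk(label + "0", node_lo, mid)          # left child covers the lower half
        walk(label + "1", mid + 1, node_hi)      # right child covers the upper half

    walk("", 0, 2 ** C - 1)
    return out

def matching_ids(v, lo, hi, C):
    """Nodes shared by the value's path and the range cover (zero or one)."""
    return sorted(set(path_ids(v, C)) & set(range_ids(lo, hi, C)))

def in_range(v, lo, hi, C):
    """A value matches a range iff its path shares a node with the cover."""
    return len(matching_ids(v, lo, hi, C)) == 1

def check_exhaustively(C):
    """Constructed sanity check: for every range and value the prefix test
    agrees with integer comparison and never matches more than one node."""
    n = 2 ** C
    for lo in range(n):
        for hi in range(lo, n):
            for v in range(n):
                m = matching_ids(v, lo, hi, C)
                if len(m) > 1 or (len(m) == 1) != (lo <= v <= hi):
                    return False
    return True

if __name__ == "__main__":
    C, t = 4, 9                                # constructed threshold t_j
    print(range_ids(0, t, C))                  # identities for the '<= t' branch
    print(range_ids(t + 1, 2 ** C - 1, C))     # identities for the '> t' branch
    print(path_ids(7, C), in_range(7, 0, t, C), in_range(12, 0, t, C))
```

With t = 9 and C = 4 the two branch sets are ['0', '100'] and ['101', '11']; they are disjoint and together cover every leaf, so a client's path meets exactly one of them, which is why the TokenGen step needs one transformation key per identity on the client's path and no more.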
E. Decryption Outsourcing
Pairing-based IBE systems [11] and attribute-based
encryption systems [13], [14] are well known for expensive
decryption workload. Decryption outsourcing is used to decrease this computational complexity. It allows a client to convert his secret key into a transformation key, which is then delegated to an untrusted server; the server uses it to convert the original cipher text into an ElGamal encryption of the original message. The advantage is that the client only has to perform simple exponentiation operations to obtain the decrypted message. CPLM applies the outsourcing decryption technique to MDRQs based on the BF-IBE scheme. The advantage of this combination is that the client has to perform only one exponentiation to obtain the original message. The STA deduces no useful information about the client's identity id, and the cloud also cannot deduce any useful information about the client identity id.
F. Proxy Re-Encryption (PRE)
The CPLM design also uses proxy re-encryption (PRE). It was first proposed by Blaze et al. [15] and formalized by Ateniese et al. [16]. PRE enables an untrusted proxy server holding a re-encryption key (rekey) rk_{A→B} to convert a first level cipher text into a second level cipher text without allowing the proxy to deduce any useful information about the message. In the CPLM scheme two relevant properties are emphasized: the first is unidirectionality and the second is key privateness. Unidirectionality means that the delegation from A → B does not allow delegation from B → A. Key privateness means that, given the re-encryption key rk_{A→B}, the proxy obtains no information on either the delegator identity or the delegatee identity. In CPLM, the company delivers the health monitoring program, encrypted using MDRQs, to the untrusted cloud. The company also delivers many re-encryption keys along with the cipher text to the cloud. The key private property ensures that no useful information about the underlying identities, which correspond to the thresholds of the internal decision nodes, is leaked to the cloud. PRE reduces the encryption workload for the company, provided that the cost of rekey generation is less than that of a first level encryption in PRE.
G. Virtual Machine Policing
Sharing of resources among processes is a major
contributor to the side channel attacks. One of the major
objectives of using cloud computing is to share resources
which calls for co-residence of virtual machines in a cloud
computing environment. In the Virtual Machine Policing [17],
the cloud server creates special virtual machines which are
then launched by a physical host according to a police virtual
machine scheduling policy. The attacking VM is then
confused by the police VMs. This is done by running some
clean up or resource sharing instructions.
A police virtual machine is a VM which is launched by a
physical host. Its responsibilities are to prevent and to handle
the side channel attacks. A police VM consists of zero or more
counter attack (CA) units as shown in Fig. 1. Each CA unit is
a software component which handles the responsibility of
preventing and handling a specific category of side channel
attacks. Such CA units are installed dynamically depending on
the situational need. The number of Police VMs executing and
their scheduling policy is dictated by a number of factors such
as the cloud server’s load, special security request of the client
and performance requirements of the cloud server.
Fig. 1 Police VM (diagram: a Police VM containing CA unit 1, CA unit 2, CA unit 3, …)
IV. CPLM DESIGN
The system time is divided into time slots. Each time slot
can range from a week to a month. It is assumed that a
maximum of N users can access the monitoring program
during a given slot. Whenever a client tries to access a
monitoring program, it is assigned an index i by the STA,
where i ∈ [1,N].
CPLM with an efficient Privacy Shield reduces not
only the computational burden on the company but also the
communication overhead for the cloud. As shown in Fig. 2,
the high level idea is as follows. Key private re-encryption
scheme is employed as an underlying tool. The company
produces a single set of cipher text and delivers it to the cloud,
instead of generating a cipher text for each client. The
company then obliviously delivers the identity threshold
representation sets to the STA for the thresholds of the
decisional branching nodes and the indices of the concerned
attributes so that the STA can produce the re-encryption keys
corresponding to the rest of the clients in the system by
making use of the key private re-encryption scheme. The
produced re-encryption keys are then distributed to the cloud.
The cloud then runs the re-encryption scheme using the rekeys
and the single set of cipher text delivered by the company to
produce the cipher texts for the rest of the clients. The key
private re-encryption scheme assimilates the outsourcing
decryption to ensure that the CPLM scheme incorporates
security and efficiency characteristics. As a result of the decryption algorithm of the proxy re-encryption scheme, the interactions between clients and the cloud are also decreased.
CPLM with an efficient Privacy Shield consists of the
following five steps.
SecParam: This step is performed by the cloud server by
taking into consideration the security parameters provided by
the client. If the client opts for a special security request, the regular VM and the Police VM are scheduled alternately. If
the performance of the VM is a priority and if the number of
clients accessing the monitoring program is less than 300, the
police VM is scheduled after ten regular VMs. If the number
of clients accessing is between 300 and 600, the police VM is
scheduled after 15 regular VMs else it is scheduled after 20
regular VMs. If the performance of the VM is not a priority,
then the police VM is scheduled after 15, 20, 30 regular VMs
for the above corresponding range of clients accessing the
monitoring program.
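The SecParam policy above, written out as an added Python example (not the paper's code) so that its boundaries are explicit: a count below 300 falls in the first band, 300 to 600 in the second (600 itself is taken as part of the middle band, which is an assumption since the text does not say), and anything above in the third; a special security request overrides the bands. A small generator then shows the resulting launch order.

```python
# Added example (not the paper's code): the SecParam scheduling policy of
# Section IV as a function, plus the launch order it produces.

def police_interval(special_security, performance_priority, num_clients):
    """Number of regular VMs launched between two Police VM launches."""
    if num_clients < 0:
        raise ValueError("client count cannot be negative")
    if special_security:
        return 1                      # regular and police VMs alternate
    if num_clients < 300:
        band = 0
    elif num_clients <= 600:          # assumption: 600 belongs to the middle band
        band = 1
    else:
        band = 2
    # Per-band intervals from the paper: VM performance a priority vs. not.
    return ((10, 15, 20) if performance_priority else (15, 20, 30))[band]

def schedule(num_regular, interval):
    """Launch order for num_regular regular VMs ('R'): a Police VM ('P') is
    scheduled after every `interval` regular VMs."""
    if interval < 1:
        raise ValueError("interval must be at least 1")
    order = []
    for n in range(1, num_regular + 1):
        order.append("R")
        if n % interval == 0:
            order.append("P")
    return order

def police_count(num_regular, interval):
    """How many Police VMs the policy schedules for a run of regular VMs."""
    return num_regular // interval

if __name__ == "__main__":
    for clients in (100, 300, 600, 601):
        print(clients, police_interval(False, True, clients),
              police_interval(False, False, clients))
    print(schedule(7, police_interval(True, True, 5000)))
```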
Setup: This step is performed by the STA. The STA takes as input the security parameter 1^λ and outputs the system parameters SP = (G, G_T, q, g, H_i, i = 1, 2, 3, 4, 5) and the key pair for the STA, (pk, msk) = (y, s) = (g^s, s). G and G_T are bilinear groups of prime order q, g is a random generator of G, and H_i (i ∈ {1, 2, 3, 4, 5}) are cryptographic hash functions:
H_1 : {0, 1}^* → G, H_2 : G × G → Z_q^*, H_3 : M × M → Z_q^*, H_4 : G_T → M × M, and H_5 : G × M × M → G. The system parameters are included implicitly in the following steps.
Store: This step is performed by the company. Let PRF(s_0, i) and PRF(s_1, i) denote two pseudo-random functions. They take as input a secret key s_j, j ∈ {0, 1}, and an index i, and are defined by PRF : {0, 1}^λ × [1, N·k] → {0, 1}^{C+C′}, where N represents the maximum number of clients accessing the company's monitoring program in a particular time slot.
For j ∈ [1, k], the company computes the identity representation sets S_[0; t_j+δ_ij] and S_[t_j+δ_ij+1; Max′], where δ^(0)_ij = PRF(s_0, (i−1)·k + j), δ^(1)_ij = PRF(s_1, (i−1)·k + j) and δ_ij = δ^(1)_ij + δ^(0)_ij.
Let Q represent a random permutation of the set [1, k] = (1, 2, · · · , k) with Q[1] = 1. The company distributes PRF(s_0, ·), {t_j + δ_ij, a_j | i ∈ [1, N], j ∈ [1, k]} and the random permutation Q to the STA. The STA computes the identity representation sets. For j ∈ [1, k], the STA runs the ReKey(id_1, id_2, msk) algorithm on the identities id_1 ∈ S_[0; t_j+δ_ij] and id_2 ∈ S_[0; t_j+δ_(i+1)j], or on the identities id_1 ∈ S_[t_j+δ_ij+1; Max′] and id_2 ∈ S_[t_j+δ_(i+1)j+1; Max′]. The STA then delivers all the generated re-encryption keys, in the permuted order, to the cloud.
The ReKey algorithm is as follows.
ReKey(id_1, id_2, msk): This algorithm is performed by the STA. When a delegator D receives a request for re-encryption from id_1 to id_2, it first executes the Ext algorithm on id_2 to produce sk_id2. Then it outputs the re-encryption key from id_1 to id_2:
rk_{id1;id2} = (rk^(1)_{id1;id2}, rk^(2)_{id1;id2}) = (H_1(id_1)^s · g^{H_2(sk_id2 || N_{id1;id2})}, N_{id1;id2}), where N_{id1;id2} is a random element of G.
The Ext algorithm works as follows.
Ext(id, msk): This algorithm is performed by the STA and a client. Upon receiving an identity id as input, the client first selects a random number z ∈ Z_q^*, computes the value u_1 = H_1(id)^z and sends it to the STA. The STA outputs the transformation key corresponding to the identity id, u_2 = u_1^s where s = msk, and delivers it back to the client. The client then calculates his private key sk_id = u_2^{1/z} = H_1(id)^{z·s·z^{−1}} = H_1(id)^s.
It is to be noted that the STA deduces no information on the client's identity, as H_1(id)^z is just a random group element in the random oracle model.
Starting with the node p_1, the company chooses two symmetric keys k_{Q[L(j)]} and k_{Q[R(j)]} for each decision node p_j whose children are internal nodes. Then it executes the encryption algorithm Enc(id_1, k_{Q[L(j)]} || Q[L(j)]) and Enc(id_2, k_{Q[R(j)]} || Q[R(j)]), where the identity id_1 ∈ S_[0; t_j+δ_ij] and the identity id_2 ∈ S_[t_j+δ_ij+1; Max′] respectively, in order to produce two cipher text sets C_{Q[L(j)]} and C_{Q[R(j)]}. Let TC_j be represented by {C_{Q[L(j)]}, C_{Q[R(j)]}}. The cipher texts TC_{Q[L(j)]} and TC_{Q[R(j)]} for the two child nodes are encrypted using k_{Q[L(j)]} and k_{Q[R(j)]} under a semantically secure symmetric key encryption scheme. When p_j is the parent of two leaf nodes, the information attached to the two leaf nodes is encrypted using the two symmetric keys.
The company then distributes the resulting cipher texts and δ^(1)_ij to the cloud. The cipher texts for each node are aligned to the permuted order Q[j] in the cloud.
The Enc algorithm works as follows.
Enc(id, m): This algorithm is run by the company. On input a message m ∈ M and an identity id, the company outputs the ciphertext C = (c_1, c_2, c_3), where r = H_3(m || σ), c_1 = g^r, c_2 = (σ || m) ⊕ H_4(e(H_1(id), y)^r) and c_3 = H_5(c_1 || c_2)^r, σ being a random element of M, the message space.
For i ∈ [1, N], the cloud produces the cipher texts corresponding to the i-th client as follows: starting with the node p_1, the cloud executes the ReEnc(C_id1, rk_{id1;id2}) algorithm to re-encrypt the cipher texts using the rekey from the STA, with identity id_1 ∈ S_[0; t_j+δ_ij] and identity id_2 ∈ S_[0; t_j+δ_(i+1)j], or with identity id_1 ∈ S_[t_j+δ_ij+1; Max′] and identity id_2 ∈ S_[t_j+δ_(i+1)j+1; Max′]. The set of cipher text sets for the i-th client is the concatenation of the resulting public key cipher texts and the original symmetric key cipher texts.
The ReEnc algorithm works as follows.
ReEnc(C_id1, rk_{id1;id2}): This algorithm is run by the proxy server. It takes as input an original cipher text C_id1 = (c_1, c_2, c_3) under the identity id_1 and a re-encryption key rk_{id1;id2} from id_1 to id_2. If the equality e(c_1, H_5(c_1 || c_2)) = e(g, c_3) holds, the algorithm outputs the re-encrypted cipher text C_id2 = (c′_1, c_2, c′_3, c_4), where c′_1 = e(g, c_1), c′_3 = e(c_1, rk^(1)_{id1;id2}) and c_4 = rk^(2)_{id1;id2}. If the equality does not hold, it outputs ⊥.
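The page states the ReEnc validity check and the shape of the re-encrypted cipher text but does not show why the check accepts exactly what Enc produces, nor why the delegatee afterwards needs a single exponentiation. The following derivation is added here in the paper's own symbols (it is not text from the original); N abbreviates N_{id_1;id_2}. For a cipher text formed by Enc with randomness r,
\[
e(c_1, H_5(c_1\|c_2)) = e(g^{r}, H_5(c_1\|c_2)) = e(g, H_5(c_1\|c_2))^{r} = e\big(g, H_5(c_1\|c_2)^{r}\big) = e(g, c_3),
\]
so the check passes whenever c_1 and c_3 were formed with the same r, and fails when components from different cipher texts are mixed, without the proxy holding any secret. For the re-encrypted components,
\[
c'_3 = e\big(c_1, rk^{(1)}_{id_1;id_2}\big) = e\big(g^{r},\; H_1(id_1)^{s}\cdot g^{H_2(sk_{id_2}\|N)}\big) = e(H_1(id_1), y)^{r}\cdot e(g,g)^{r\,H_2(sk_{id_2}\|N)}, \qquad c'_1 = e(g, c_1) = e(g,g)^{r},
\]
\[
\frac{c'_3}{(c'_1)^{H_2(sk_{id_2}\|N)}} = e(H_1(id_1), y)^{r},
\]
which is exactly the value H_4 was applied to in Enc. The delegatee, holding sk_{id_2} and reading N from c_4, computes the one exponentiation (c'_1)^{H_2(sk_{id_2}\|N)} in G_T and recovers σ||m from c_2, as the second case of Dec below does; no pairing is evaluated on the client.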
TokenGen: The generation of a private key for the attribute vector v = (v_1, · · · , v_n) is initiated when the i-th client first produces a public/private key pair of a homomorphic encryption scheme. The public key and the values HEnc(v_j) are then sent to the STA.
The STA computes the value HEnc(v_aj + δ^(0)_ij) from the values HEnc(δ^(0)_ij) and HEnc(v_aj). Then the STA permutes the resulting cipher texts according to Q and sends them to the cloud in the order Q[a_j], j ∈ [1, k]. The cloud then returns the value HEnc(v_aj + δ^(0)_ij + δ^(1)_ij) = HEnc(v_aj + δ_ij) to the client. The client decrypts the returned cipher texts and obtains v_aj + δ_ij for j ∈ [1, k]. The client then computes the identity representation set S_{v_aj+δ_ij} for each j. For every identity id ∈ S_{v_aj+δ_ij}, the client executes the Ext(id, msk) algorithm with the STA to produce the transformation key. The transformation key is delivered directly to the cloud.
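The following Python is an added example, not the paper's code, serving both the additive homomorphic property of Section III.C and the TokenGen exchange just described. The paper does not name a concrete homomorphic scheme, so Paillier is assumed here (with small constructed primes, far below a secure size); HMAC-SHA256 stands in for PRF(s_0, ·) and PRF(s_1, ·), and the keys, client values and threshold are constructed. It walks one attribute through the three parties and shows that the client ends up with v_aj + δ_ij, that the comparison against t_j + δ_ij gives the same branch as v_aj against t_j, and that neither the STA nor the cloud ever sees v_aj in the clear.

```python
# Added example (not the paper's code): the TokenGen exchange of Section IV
# with Paillier as the additively homomorphic scheme (an assumption; the paper
# does not fix one) and HMAC-SHA256 as the PRF. Keys and values are constructed.
import hashlib, hmac, math, secrets

# ---- toy Paillier: HE(p) * HE(q) = HE(p + q) in the ciphertext space ----
P_PRIME, Q_PRIME = 1000003, 1000033   # constructed 20-bit primes; illustration only

def he_keygen(p=P_PRIME, q=Q_PRIME):
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    mu = pow(lam, -1, n)              # valid because g = n + 1 gives L(g^lam) = lam mod n
    return (n, n + 1), (n, lam, mu)   # (public key, private key)

def he_enc(pk, m):
    n, g = pk
    if not 0 <= m < n:
        raise ValueError("message outside the plaintext space Z_n")
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return pow(g, m, n * n) * pow(r, n, n * n) % (n * n)

def he_dec(sk, c):
    n, lam, mu = sk
    L = (pow(c, lam, n * n) - 1) // n
    return L * mu % n

def he_add(pk, c1, c2):
    """The ciphertext-space operation '*' of Section III.C."""
    n, _ = pk
    return c1 * c2 % (n * n)

# ---- PRF: {0,1}^lambda x [1, N*k] -> {0,1}^(C+C') via HMAC-SHA256 ----
C, C_PRIME = 8, 16   # attribute values are C-bit; C' extra randomising bits

def prf(key, index):
    mac = hmac.new(key, index.to_bytes(4, "big"), hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % (1 << (C + C_PRIME))

def deltas(s0, s1, i, j, k):
    """delta^(0)_ij, delta^(1)_ij and delta_ij for client i, node j, k nodes."""
    idx = (i - 1) * k + j
    d0, d1 = prf(s0, idx), prf(s1, idx)
    return d0, d1, d0 + d1

def token_gen(v_a, t, s0, s1, i, j, k):
    """One attribute of client i at node j. Returns (v_a + delta_ij as recovered
    by the client, t + delta_ij as used for the identity sets)."""
    pk, sk = he_keygen()                              # client's HE key pair
    c_client = he_enc(pk, v_a)                        # client -> STA: HEnc(v_a)
    d0, d1, d = deltas(s0, s1, i, j, k)
    c_sta = he_add(pk, c_client, he_enc(pk, d0))      # STA adds delta^(0)_ij
    c_cloud = he_add(pk, c_sta, he_enc(pk, d1))       # cloud adds delta^(1)_ij
    return he_dec(sk, c_cloud), t + d                 # client decrypts

def decide(v_plus_delta, t_plus_delta):
    """Branch at the decision node: True means the L(j) child is taken."""
    return v_plus_delta <= t_plus_delta

if __name__ == "__main__":
    s0, s1 = b"constructed-s0", b"constructed-s1"    # company's PRF keys
    for v in (110, 130):                             # constructed glucose values
        rec, thr = token_gen(v, 125, s0, s1, i=1, j=1, k=2)
        print(v, rec, thr, decide(rec, thr))
```

The STA only ever handles HEnc(v_aj) and δ^(0)_ij, the cloud only HEnc(v_aj + δ^(0)_ij) and δ^(1)_ij, and the client only learns the blinded sum; because δ_ij is added to both sides, the comparison the client makes in forming S_{v_aj+δ_ij} is the one the company's threshold would have produced.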
Query: The client delivers its index i to the cloud, and the cloud returns the respective cipher texts. The client can either download all the cipher texts and the transformation key and perform the rest of the decryption steps, or start by executing the Dec(sk_id, C_id) algorithm, where the identity id ∈ S_[0; t_1+δ_i1] or S_[t_1+δ_i1+1; Max′], in order to decrypt from the node p_1, and then download the cipher text along with the transformation key for the subsequent node based on the decryption result. If the client chooses the latter approach, only the cipher texts corresponding to a path from the root node to a leaf node need to be accessed, instead of the cipher texts for all nodes in the binary branching tree. However, in this case the client needs to access the cloud a number of times proportional to the length of the path. The cloud need not perform any computation during its interaction with the client, as the client is capable of completing all the necessary decryption steps on its own. The client does not have to compute any bilinear map, as the bilinear operation has already been done by the cloud in the pre-processing step of the ReEnc(C_id1, rk_{id1;id2}) algorithm.
Fig. 2 CPLM with an efficient Privacy Shield
The Dec algorithm works as follows.
Dec(sk_id, C_id): This algorithm is executed by a client. It takes as input a cipher text C_id under id, along with a private key sk_id.
1) If C_id is an original cipher text (c_1, c_2, c_3), calculate the value c_2 ⊕ H_4(e(sk_id, c_1)) = (σ || m) ⊕ H_4(e(H_1(id), y)^r) ⊕ H_4(e(H_1(id)^s, g^r)) = σ || m. If c_1 = g^{H_3(σ || m)} and c_3 = H_5(c_1 || c_2)^{H_3(σ || m)} both hold, output m; otherwise output ⊥.
2) If C_id is a re-encrypted cipher text (c′_1, c_2, c′_3, c_4), calculate the value H_4(c′_3 / c′_1^{H_2(sk_id′ || c_4)}) ⊕ c_2 = H_4( e(y, H_1(id))^r · e(g, g)^{r · H_2(sk_id′ || N_{id;id′})} / (e(g, g)^r)^{H_2(sk_id′ || N_{id;id′})} ) ⊕ (σ || m) ⊕ H_4(e(H_1(id), y)^r) = σ || m. If c′_1 = e(g, g)^{H_3(σ || m)} holds, output m; otherwise output ⊥.
V. Conclusion
CPLM is a cloud facilitated privacy shielding leakage
resilient mobile health monitoring system, which can
effectively not only shield the privacy of the clients but also
the intellectual property of the mobile health service providers.
In order to shield the privacy of the clients, the anonymous
Boneh-Franklin identity based encryption (BF-IBE) has been
applied in the medical diagnostic branching programs. As the
IBE comes in with a high decryption complexity, the
decryption outsourcing has been applied to shift the computation complexity from the clients to the cloud server, thus resulting in a reduction in the decryption complexity.
[Fig. 2 diagram (box labels recovered from the page layout): Cloud Server, Client, Company, STA; Encrypted Branching Program, Re-Keys, Re-Encrypted Branching Program, Attribute Tokens, Randomness data, Outsourcing Decryption Algorithm, Decrypted Label]
The Branching program tree has been extended by using
random permutations and by randomizing the thresholds at the
branching nodes in order to shield the health service providers’
monitoring programs. In order to enable and motivate small
health care service providers, for whom resource constraint is
a major problem, the CPLM design provides a way for shifting
the computational burden to the cloud server by applying the
key private proxy re-encryption technique. The side channel
attacks are effectively prevented and handled by using VM
policing. The CPLM scheme has been shown to achieve the
design goals.
References
[1] P. Mohan, D. Marin, S. Sultan, and A. Deen, “Medinet: personalizing the
self-care process for patients with diabetes and cardiovascular disease using
mobile telephony.” Conference Proceedings of the International Conference
of IEEE Engineering in Medicine and Biology Society, vol. 2008, no. 3, pp.
755–758. [Online]. Available:
http://www.ncbi.nlm.nih.gov/pubmed/19162765
[2] L. Ponemon Institute, “Americans’ opinions on healthcare privacy,
available: http://tinyurl.com/4atsdlj,” 2010.
[3] A. V. Dhukaram, C. Baber, L. Elloumi, B.-J. van Beijnum, and P. D.
Stefanis, “End-user perception towards pervasive cardiac healthcare services:
Benefits, acceptance, adoption, risks, security, privacy and trust,” in
PervasiveHealth, 2011, pp. 478–484.
[4] N. Singer, “When 2+ 2 equals a privacy question,” New York Times,
2009.
[5] E. B. Fernandez, “Security in data intensive computing systems,” in
Handbook of Data Intensive Computing, 2011, pp. 447–466.
[6] A. Narayanan and V. Shmatikov, “Myths and fallacies of personally
identifiable information,” Communications of the ACM, vol. 53, no. 6, pp. 24–
26, 2010.
[7] A. Cavoukian, A. Fisher, S. Killen, and D. Hoffman, “Remote home
health care technologies: how to ensure privacy? build it in: Privacy by
design,” Identity in the Information Society, vol. 3, no. 2, pp. 363–378, 2010.
[8] X. Zhou, B. Peng, Y. Li, Y. Chen, H. Tang, and X. Wang, “To release or
not to release: evaluating information leaks in aggregate human-genome
data,” Computer Security–ESORICS 2011, pp. 607–627, 2011.
[9] R. Wang, Y. Li, X. Wang, H. Tang, and X. Zhou, “Learning your identity
and disease from research papers: information leaks in genome wide
association study,” in Proceedings of the 16th ACM conference on Computer
and communications security. ACM, 2009, pp. 534–544.
[10] M. Green, S. Hohenberger, and B. Waters, “Outsourcing the decryption
of abe ciphertexts,” in Usenix Security, 2011.
[11] D. Boneh and M. K. Franklin, “Identity-based encryption from the weil
pairing,” in CRYPTO, 2001, pp. 213–229.
[12] E. Shi, J. Bethencourt, H. T.-H. Chan, D. X. Song, and A. Perrig,
“Multidimensional range query over encrypted data,” in IEEE Symposium on
Security and Privacy, 2007, pp. 350–364.
[13] A. Sahai and B. Waters, “Fuzzy identity-based encryption,” in
EUROCRYPT, 2005, pp. 457–473.
[14] V. Goyal, O. Pandey, A. Sahai, and B. Waters, “Attribute-based
encryption for fine-grained access control of encrypted data,” in ACM
Conference on Computer and Communications Security, 2006, pp. 89– 98.
[15] M. Blaze, G. Bleumer, and M. Strauss, “Divertible protocols and atomic
proxy cryptography,” in EUROCRYPT, 1998, pp. 127–144.
[16] G. Ateniese, K. Fu, M. Green, and S. Hohenberger, “Improved proxy re-
encryption schemes with applications to secure distributed storage,” ACM
Trans. Inf. Syst. Secur., vol. 9, no. 1, pp. 1–30, 2006.
[17] Tzong-An Su, “A mechanism to prevent side channel attacks in cloud
computing environments”.