This document describes a proposed system for scalable and secure sharing of personal health records in cloud computing using attribute-based encryption. The system aims to address security issues with existing personal health record systems, such as privacy risks, scalability of key management, access control and user revocation. The proposed system uses attribute-based encryption to encrypt personal health records and a novel patient-centric framework with access control mechanisms. It allows for multiple data owners, dynamic access policies, and on-demand revocation of user access. The system is intended to be scalable, secure and efficient while ensuring patient control over personal health information.

1. Scalable and Secure Sharing of Personal Health
Records in Cloud Computing using
Attribute-based Encryption
Kajol (10261A0524)
Hemanshu Agarwal (10261A0516)
Under the guidance of
Mr. SK Irfan Babu (Assistant Professor)
CSE Department.

2. INTRODUCTION
PHR service allows a patient to create,
manage, and control her personal health data in
one place through the web, which has made the
storage, retrieval, and sharing of the medical
information more efficient.
PHR’s are encrypted using attribute based
encryption (ABE) technique
We focus on multiple data owner scenario
and divide users in PHR system into multiple
security domains
Personal Health Record (PHR) is an emerging patient-centric model of health information
exchange.

3. EXISTING SYSTEM
 Existing systems focuses on health information exchange but suffers from many security
issues.
Drawbacks
In present systems, issues such as risks of privacy exposure,
scalability in key management, flexible access and efficient user
revocation have remained the most important challenges.
Not suitable for multiple data owner’s.
The main concern is about whether the patients could actually
control the sharing of their sensitive personal health information.

4. PROPOSED SYSTEM
We propose a novel patient-centric framework and a suite of mechanisms for data access control
to PHR’s stored in semi-trusted servers.
Advantages:
Multiple data owner scenario and effective key management.
Privacy is guaranteed by exploiting multi-authority ABE.
Data confidentiality.
Write access control.
Dynamic modification of access policies
On demand revocation.
Allows break-glass access
Scalable ,secured and efficient.
Applications:
Hospital management
Health care website

5. SYSTEM SPECIFICATIONS
HARDWARE REQUIREMENTS:-
System : Pentinum IV 2.4 GHz
Hard Disk : 40 GB
Ram : 512MB
SOFTWARE REQUIREMENTS:-
Operating system : Windows 7 Professional
Coding Language : J2EE,JSP,Servlet
Front End Tool : Netbeans 7.0
Back End Tool : MY SQL
Server : Apache Tomcat 7.2.1
Script Language : JavaScript

6. MODULES
 PHR Owner Module
Upload Module
Attribute-based Encryption Module for Data Access
Control
Setup and Key Distribution Module.
Break-glass Module

7. PHR OWNER MODULE

8. ATTRIBUTE BASED ENCRYPTION
MODULE

9. SETUP AND KEY DISTRIBUTION
MODULE

10. PROPOSED SYSTEM FRAMEWORK

11. LITERATURE SURVEY
Java Technology : Java Technology is both a programming language and platform.
Working of Java
Software and Technological Description

12. DATABASE DESIGN
Fig: Static View of PHR Tables.
 ODBC
 JDBC

13. SYSTEM DESIGN
DATA FLOW DIAGRAMS
Data Owner
Encrypt PHR
Cloud Storage
Patient Centric Model
Attribute based Encryption
Modify Access Policies
Users
Level 1:
Level 0:

14. SYSTEM DESIGN
UML DIAGRAMS
Patient Centric Framework
Secure PHR Sharing
Attribute based Encryption
Key policy Generation
Break Glass Access
Use Case Diagram: A use case diagram defines the relationship between set of
use cases and actors.

15. Data Owner Patient Centric Framework Attribute based encryption Data User
Sequence Diagram: The Sequence Diagram is a model that describes how groups
of object. Collaborate in some behavior over a period of time and capturing the behavior
of single use case.
PHR
PHR Encryption
Key Distribution
Attribute Based Encryption
Key Generation
Secure and Efficient
SYSTEM DESIGN

16. USER INTERFACES
Login Page

17. Public Domain Registration Page

18. Personal Domain
Registration
Page
Emergency
Registration
Page

19. Patient Sharing
Page
Public Domain
(Doctor/
Insurance)
Requesting
Page

20. Public Domain
Key Generation
Page
PHR Owner
Page

21. Doctor Response
Page
Doctor Request
Allow Page

22. Emergency Key
Revoke Page
Doctor Views
Patient
Information

23. Testing is a process of validating and verifying that a product:
oMeets the requirements
oWorks as expected
oCan be implemented
oPacifies the needs of customer
 Source code testing
 Specification testing
 Module level testing
 Unit testing
 Integration testing
 Validation testing
 Recovery testing
 Performance testing
 Black box testing
 Output testing
Testing Methods
TESTING

24. The protection of computer based resources that include
hardware, software, data, procedures and people against
unauthorized use or natural disaster is known as system security.
System security can be divided into four related issues:
oSystem security
oData security
oPrivacy
oSystem Integrity
oConfidentiality
SYSTEM SECURITY

25.  We proposed a patient centric model for secure sharing of
personal health records in cloud computing.
 In this framework we greatly reduce the complexity of key
management while enhance the privacy guarantees compared
with previous works.
 This model also supports on-demand user revocation, and proves
its security. Through implementation and simulation, we show that
our solution is both scalable and efficient.
 It has been an immense pleasure on working on this project which
comes under Cloud Computing , which is the need of the hour in
this technology driven world.
CONCLUSION

26. REFERENCES
[1] “The health insurance portability and accountability act.” [Online]. Available:
http://www.cms.hhs.gov/HIPAAGenInfo/01 Overview.asp
[2] “Google, Microsoft say hip a a stimulus rule doesn’t apply to them,”
http://www.ihealthbeat.org/Articles/2009/4/8/.
[3] V. Goyal, O. Pandey, A. Sahai, and B. Waters, “Attribute-based encryption for fine-grained access control
of encrypted data,” in CCS ’06, 2006, pp. 89–98.
[4] J. Benaloh, M. Chase, E. Horvitz, and K. Lauter, “Patient controlled encryption: ensuring privacy of
electronic medical records,” in CCSW ’09, 2009, pp. 103–114.
[5] S. Muller, S. Katzenbeisser, and C. Eckert, “Distributed attribute based encryption,” Information Security
and Cryptology–ICISC 2008, pp. 20–36, 2009.
[6] Y. Zheng, “Key-policy attribute-based encryption scheme implementation,”
http://www.cnsr.ictas.vt.edu/resources.html.
[7] WWW.W3SCHOOLS.COM.