Privacy preserving secure data exchange in mobile p2 p

Privacy preserving secure data
exchange in mobile P2P
cloud healthcare environment
Sk. Md. Mizanur Rahman · Md. Mehedi Masud
M. Anwar Hossain · Abdulhameed Alelaiwi ·
Mohammad Mehedi Hassan · Atif Alamri
Received: 2 October 2014 / Accepted: 6 February 2015
© Springer Science+Business Media New York 2015
Dhaka University of Engineering and Technology, Gazipur
Presented by
Md. Mostafijur Rahman
Masters Student ID #: 132431(p)
Department of Computer Science and Engineering

Outline of the talk
• P2P cloud
o Technology context: multi-core, virtualization, 64-bit processors, parallel
computing models, big-data storages…
• Describes the related work
• Elaborates on the privacy and security threats, which can occur
when cloud peers exchange data over an unsecured channel and
highlights our contribution.
• Secure data exchange : we describe how the data exchange
policy/mapping is established between two cloud peers for our proposed
protocol
• Pairing-based cryptography , we discuss issues of cryptographic
implementation and prevention of different attacks in the proposed
anonymous secure data exchange protocol.
• Anonymous authentication

ABSTRACT
• Cloud computing technology offers the possibility of inter
organizational medical data sharing at a larger scale. The different
organizations can maintain their own cloud environment while
exchanging healthcare data among them in a peer-to-peer(P2P)
fashion according to some defined polices.
• Our proposed solution allows cloud peers to dynamically generate
temporary identities that are used to produce a session key for each
session of data exchange.
• Protocol is robust against different attacks, such as target-oriented,
man-in-the middle, masquerade, and message manipulation
attacks.

Operation Work
In this paper we propose an anonymous on-the-fly secure data exchange
protocol for such environment based on pairing-based cryptography. The
proposed solution does not require a centralized control for the peers and
it can avoid the expensive Public Key Infrastructure (PKI) based approach.
The proposed scheme allows cloud peers to dynamically generate
temporary identities that are used to produce a session key for each
session of data exchange. It is robust against different security attacks,
such as target-oriented, man-in-the middle, masquerade, and message
manipulation attacks.
Hospital, clinics, medical laboratories, pharmacists, and other
stakeholders) are willing to share and exchange data about patients’
treatments, medications, and test results
over an insecure network such as the Internet.

Operation
Fig. 1 An example model of a collaborative healthcare scenario using P2P-Cloud-DB architecture

Operation healthcare scenario of a P2P
In this scenario, family doctors (FDDB), hospitals (HDB), medical laboratories
(LABDB), pharmacies (PHDB), and other stakeholders (e.g. medical research cells
(RDB)) are willing to exchange or coordinate information about patients’
treatments, medications, test results, and diseases.
In the system, an organization (a cloud peer) may need to be exchange data with
other related organizations (cloud peers) according to some established policies
between them. For example, family doctors may want to keep track of patients’
medications for some specific diseases. Therefore, FDDB should have a link with
the PHDB.
Any patient in PHDB diagnosed with a disease that is of interest to family doctors
may have data that needs to be exchanged with FDDB. Moreover, family doctors
may be interested in collecting test results of their patients from LABDB and the
medications that their patients take while staying at hospitals and hence a link
between FDDB and HDB is required. The links between cloud peers in the figure
are formally a set of mappings or mapping constraints.

Anonymous Dynamic
Pseudo-ID generation technique
in P2P-Cloud-DB
Figure Above : In this paper, we propose an anonymous secured data exchange
protocol between cloud peers where cloud peers generate dynamic IDs and the
corresponding session keys on-the-fly for data exchange based on the requested
query. In our protocol, when two cloud peers want to exchange data, each of them
generates its dynamic ID and the corresponding secret session key using the
shared attributes between them by computing a pairing function over an elliptic
curve. Then the cloud peers authenticate each other in a challenge and response
fashion.

Key agreement & anonymous secure data exchange in P2P

Operation
Step-by-step procedure of the Proposed Protocol
STEP 1: A query Qt is generated at the target Pj .
STEP 2: Target Pj determines group G1, hash functions
H1 and H2 and performs the following steps:
2.a: Generates a dynamic temporary ID
TIDP , a dynamic authentication code
MACCA∧∨NCAj→i and a random number Rj .
2.b: Pj sends < G1,H1,H2,Rj, TIDP MACCA∧∨NCAj→i > to the source Pi .
STEP 3: Source Pi generates MACCA∧∨NCAi,θ
; 1 ≤ θ ≤ n and compares with MACCA∧∨NCAj→i .
If any one of MACCA∧∨NCAi,θ matches with
MACCA∧∨NCAj→i then

Operation
3.c: Generates a secret session key KSi, and an authentication code Aut0.
3.d: Sends < G2, ˜ e,H3, TIDPi , RPii−SESSION , Aut0 > to the target Pj .
STEP 4: Target Pj generates secret session key KSj , and verification code V er0.
4.a: Generates a random number RPjj−SESSION .
4.b: Compares V er0 with Aut0 if V er0 =
Aut0 then generates Aut1.
4.c: Sends < RPjj−SESSION,Aut1 > to the source Pi .
STEP 5: Source Pi generates verification code V er1.
5.a: Compares V er1 with Aut1 if V er1 = Aut1 then generates message authentication
code MACMESSAGE.
5.b: Encrypts query result QRt, with session key KSi denoted as CIPHERQRt
.5.c: Sends < TIDPi ,CIPHERQRt , MACMESSAGE, TIDPj > to the target Pj .
STEP 6: Target decrypts CIPHERQRt with session key KSj ; generates verification message
authentication code VERMESSAGE; compares VERMESSAGE with MACMESSAGE. if
VERMESSAGE = MACMESSAGE then data is accepted.

Anonymous secure data exchange in
P2P-Cloud-DB Duration

RISKS ASOCIATED WITH
CLOUD
• Privacy threat : Procedures are being developed to improve security
and performance in the cloud.
• Masquerade attack : Malicious peer may pretend to be a valid target of a
source by stealing the identity of the real target.
• Man-in-the-middle attack : Shim proposed an improved identity-based
authenticated key agreement protocol by including certified public keys. The
author claims that the protocol provides attractive security properties, such
as, known-key security, forward secrecy, key compromise impersonation
resilience, and unknown key-share resilience.
• Message manipulation attack : For this attack, an attacker needs to take
part in the message communication. To this end, it is necessary to be a
valid node in the network. In our protocol, an attacker cannot forge the data
exchange session and data packet as was already discussed.

RESEARCH ISSUES
• Define the characteristics of an application under test and the
types of testing done on the application. providing all this in a
cost-effective manner?
• Evaluate whether certain testing infrastructure in the cloud
really helps to meet a specific performance attribute.
• Validate the quality of cloud tested applications at all levels. .
• Management of test data

Summary
• In this paper, we have presented a novel privacy preserving :
• Secure data exchange protocol for a P2P cloud environment in a health care domain.
Using this protocol a peer in a P2P-Cloud-DB generates a dynamic temporary ID .
• Fly and corresponding session key by exchanging some system and session parameters
with other peers. The protocol is based on pairing-based cryptographic model where the
generated system and session parameters are derived from the confidential and non-
confidential attributes that are present in the data schema of the P2P-Cloud-DB.
• An important feature of the proposed protocol is that peers always generate a new
dynamic temporary ID and a corresponding session key based on the query initiated by
a target peer and authenticate themselves anonymously without disclosing their IDs.
Thus, every session is completely independent with respect to the ID and session key
generation.
• Hence the proposed protocol successfully prevents different attacks such as man-in-
the-middle attack, masquerade attack, message manipulation attack, and the more
sophisticated target oriented attack. This approach has the potential to bring confidence
into P2P cloud database system in case of anonymous secure data exchange in the
health care domain.

References & useful links
• 1. Fuxman A, Kolaitis PG, Miller RJ, Tan WC (2005) Peer data
exchange. In ACM Trans Database Syst 31(4):1454–1498
• 2. Beeri C, Vardi MY (1984) A proof procedure for data
dependencies. In JACM 31(4):718–741
• 3. Halevy AY, Ives ZG, Suciu D, Tatarinov I (2003) Schema
mediation in peer data management system. In: Proceedings of the
international conference on data engineering, pp 505–516

Section Questions and Answers
Thanks

Privacy preserving secure data exchange in mobile p2 p

More Related Content

What's hot

Similar to Privacy preserving secure data exchange in mobile p2 p

More from www.pixelsolutionbd.com

Recently uploaded

Privacy preserving secure data exchange in mobile p2 p

Editor's Notes