Securing Public Health Records in Cloud Computing Patient Centric And Fine
Grained Data Access Control in Multi Owner Settings
CHAPTER 1 ABSTRACT Personal health record (PHR is an emerging patient!centric model o" health in"ormation e#change$ which is o"ten outsourced to be stored at a third part%$ such as cloud pro&iders' Howe&er$ there ha&e been wide pri&ac% concerns as personal health in"ormation could be e#posed to those third part% ser&ers and to unauthori(ed parties' )o assure the patients* control o&er access to their own PHRs$ it is a promising method to encr%pt the PHRs be"ore outsourcing' +et$ issues such as ris,s o" pri&ac% e#posure$ scalabilit% in ,e% management$ "le#ible access and e""icient user re&ocation$ ha&e remained the most important challenges toward achie&ing "ine! grained$ cr%ptographicall% en"orced data access control' -n this paper$ we propose a no&el patient!centric "ramewor, and a suite o" mechanisms "or data access control to PHRs stored in semi!trusted ser&ers' )o achie&e "ine!grained and scalable data access control "or PHRs$ we le&erage ad&anced encr%ption standard (A.S techni/ues to encr%pt each patient*s PHR "ile' Di""erent "rom pre&ious wor,s in secure data outsourcing$ we "ocus on the multiple data owner scenario$ and di&ide the users in the PHR s%stem into multiple securit% domains that greatl% reduces the ,e% management comple#it% "or owners and users' A high degree o" patient pri&ac% is guaranteed simultaneousl% b% e#ploiting multi!authorit% A0.' Our scheme also enables d%namic modi"ication o" access policies or "ile attributes$ supports e""icient on!demand user1attribute re&ocation and brea,!glass access under emergenc% scenarios' .#tensi&e anal%tical and e#perimental results are presented which show the securit%$ scalabilit% and e""icienc% o" our proposed scheme Department of Computer Science and Engineering PDACE, Gulbarga Page 1 Securing Public Health Records in Cloud Computing Patient Centric And Fine Grained Data Access Control in Multi Owner Settings INTRODUCTION -n recent %ears$ personal health record (PHR has emerged as a patient!centric model o" health in"ormation e#change' A PHR ser&ice allows a patient to create manage$ and control her personal health data in a centrali(ed place through the web$ "rom an%where and at an% time (as long as the% ha&e a web browser and -nternet connection$ which has made the storage$ retrie&al$ and sharing o" the medical in"ormation more e""icient' .speciall%$ each patient has the "ull control o" his1her medical records and can e""ecti&el% share his1her health data with a wide range o" users$ including sta""s "rom health!care pro&iders$ and their "amil% members or "riends' -n this wa%$ the accurac% and /ualit% o" care are impro&ed while the health!care cost is lowered' At the same time$ cloud computing has attracted a lot o" attention because it pro&ides Storage!as!a!Ser&ice and So"tware!as!a!Ser&ice$ b% which so"tware ser&ice pro&iders can en2o% the &irtuall% in"inite and elastic storage and computing resources' As such$ the PHR pro&iders are more and more willing to shi"t their PHR storage and application ser&ices into the cloud instead o" building speciali(ed data centers$ in order to lower their operational cost' For e#ample$ two ma2or cloud plat"orm pro&iders$ Google and Microso"t are both pro&iding their PHR ser&ices$ Google Health and Microso"t Health 3ault$ respecti&el%' 4hile it is e#citing to ha&e PHR ser&ices in the cloud "or e&er%one$ there are man% securit% and pri&ac% ris,s which could impede its wide adoption' )he main concern is about the pri&ac% o" patients* personal health data and which could gain access to the PHRs when the% are stored in a cloud ser&er' Since patients lose ph%sical control to their own personal health data$ directl% placing those sensiti&e data under the control o" the ser&ers cannot pro&ide strong pri&ac% assurance at all' First$ the PHR data could be lea,ed i" an insider in the cloud pro&ider*s organi(ation misbeha&es due to the high &alue o" the sensiti&e personal health in"ormation (PH-' A "amous incident$ a Department o" 3eterans A""airs database containing sensiti&e PH- o56'7 million militar% &eterans$ including their social securit% numbers and health problems was stolen b% an emplo%ee who too, the data home without authori(ation 859' Second$ since cloud computing is an open plat"orm$ the ser&ers are sub2ected to malicious outside attac,s' For e#ample$ Google has reported attac,s to its Gmail accounts in earl% 5:;:' Although there e#ist administrati&e regulations such as the Health -nsurance Portabilit% and Accountabilit% Act o" ;<<6 (H-PAA 8=9$ technical protections that e""ecti&el% ensure the con"identialit% o" and proper access PHR are still indispensable' Department of Computer Science and Engineering PDACE, Gulbarga Page 2 Securing Public Health Records in Cloud Computing Patient Centric And Fine Grained Data Access Control in Multi Owner Settings 1.1 Cloud computing Basic 4hat is Cloud Computing> Cloud computing is -nternet based de&elopment and use o" computer technolog%' Cloud computing is the practice o" using a networ, o" remote ser&ers hosted on the -nternet to store$ manage$ and process data$ rather than a local ser&er or a personal computer' -n concept$ -t is a conceptual paradigm shi"t whereb% details are abstracted "rom the user who no longer need ,nowledge o"$ e#pertise in$ or control o&er the technolog% in"rastructure ?in the cloud? that supports them' -t t%picall% in&ol&es the pro&ision o" d%namicall% scalable and o"ten &irtuali(ed resources as a ser&ice o&er the -nternet' )he term cloud is used as a metaphor "or the -nternet$ based on how the -nternet is depicted in computer networ, diagrams and is an abstraction o" the underl%ing in"rastructure it conceals' )%pical cloud computing ser&ices pro&ide common business applications on line that are accessed "rom a web browser$ while the so"tware and data are stored on the ser&ers' )hese ser&ices are broadl% di&ided into three categories@ i' -n"rastructure as a Ser&ice (-aaS ii' Plat"orm as a Ser&ice (PaaS$ and iii' So"tware as a Ser&ice (SaaS )he name cloud computing was inspired b% the cloud s%mbol that is o"ten used to represent the -nternet in "low charts and diagrams' ?Cloud Computing? re"ers to the use o" -nternet based computer technolog% "or a &ariet% o" ser&ices' -t is a st%le o" computing in which d%namicall% scalable and o"ten &irtuali(ed resources are pro&ided as a ser&ice o&er the -nternet on a pa%!"or!use basis$ at a "raction o" the cost o" pro&isioning a traditional Data Center based solution' All the costs associated with setting up a data center such as procuring a building$ hardware$ redundant power suppl%$ cooling s%stems$ upgrading electrical suppl%$ and maintaining a separate Disaster Reco&er% site can be passed on to a third part% &endor' Since the customer is charged onl% "or computer ser&ices used$ cloud computing costs are a "raction o" traditional technolog% e#penditures Department of Computer Science and Engineering PDACE, Gulbarga Page 3 Securing Public Health Records in Cloud Computing Patient Centric And Fine Grained Data Access Control in Multi Owner Settings Infastuctu! as a s!"ic! #IaaS$% -n the most basic cloud!ser&ice model$ pro&iders o" -aaS o""er computers ! ph%sical or (more o"ten &irtual machines ! and other resources' (A h%per&isor$ such as Aen or B3M$ runs the &irtual machines as guests' Pools o" h%per&isors within the cloud operational support!s%stem can support large numbers o" &irtual machines and the abilit% to scale ser&ices up and down according to customersC &ar%ing re/uirements' -aaS clouds o"ten o""er additional resources such as a &irtual!machine dis, image librar%$ raw (bloc, and "ile!based storage$ "irewalls$ load balancers$ -P addresses$ &irtual local area networ,s (3DAEs$ and so"tware bundles' -aaS!cloud pro&iders suppl% these resources on!demand "rom their large pools installed in data centers' For wide!area connecti&it%$ customers can use either the -nternet or carrier clouds (dedicated &irtual pri&ate networ,s' )o deplo% their applications$ cloud users install operating!s%stem images and their application so"tware on the cloud in"rastructure' -n this model$ the cloud user patches and maintains the operating s%stems and the application so"tware' Cloud pro&iders t%picall% bill -aaS ser&ices on a utilit% computing basis cost re"lects the amount o" resources allocated and consumed' .#amples o" -aaS pro&iders include@ Ama(on .C5$ A(ure Ser&ices Plat"orm' Department of Computer Science and Engineering PDACE, Gulbarga Page 4 Securing Public Health Records in Cloud Computing Patient Centric And Fine Grained Data Access Control in Multi Owner Settings Platfom as a s!"ic! #PaaS$% -n the PaaS model$ cloud pro&iders deli&er a computing plat"orm t%picall% including operating s%stem$ programming language e#ecution en&ironment$ database$ and web ser&er' Application de&elopers can de&elop and run their so"tware solutions on a cloud plat"orm without the cost and comple#it% o" bu%ing and managing the underl%ing hardware and so"tware la%ers' 4ith some PaaS o""ers$ the underl%ing computer and storage resources scale automaticall% to match application demand such that cloud user does not ha&e to allocate resources manuall%' .#amples o" PaaS include@ Cloud Foundr%$ OpenShi"t$ Google App .ngine$ 4indows A(ure Cloud Ser&ices' Soft&a! as a s!"ic! #SaaS$% -n the SaaS model$ cloud pro&iders install and operate application so"tware in the cloud and cloud users access the so"tware "rom cloud clients' Cloud users do not manage the cloud in"rastructure and plat"orm where the application runs' )his eliminates the need to install and run the application on the cloud userCs own computers$ which simpli"ies maintenance and support' Cloud applications are di""erent "rom other applications in their scalabilit%Fwhich can be achie&ed b% cloning tas,s onto multiple &irtual machines at run!time to meet changing wor, demand' Doad balancers distribute the wor, o&er the set o" &irtual machines' )his process is transparent to the cloud user$ who sees onl% a single access point' )o accommodate a large number o" cloud users$ cloud applications can be multitenant$ that is$ an% machine ser&es more than one cloud user organi(ation' -t is common to re"er to special t%pes o" cloud based application so"tware with a similar naming con&ention@ des,top as a ser&ice$ business process as a ser&ice$ test en&ironment as a ser&ice$ communication as a ser&ice' )he pricing model "or SaaS applications is t%picall% a monthl% or %earl% "lat "ee per user$ so price is scalable and ad2ustable i" users are added or remo&ed at an% point' .#amples o" SaaS include@ Google Apps$ Microso"t O""ice =67$ Onli&e$ G) Ee#us' Cloud cli!nts% Gsers access cloud computing using networ,ed client de&ices$ such as des,top computers$ laptops$ tablets and smart phones' Some o" these de&ices ! cloud clients ! rel% on cloud computing "or all or a ma2orit% o" their applications so as to be essentiall% useless without it' .#amples are thin clients and the browser!based Chrome boo,' Man% cloud applications do Department of Computer Science and Engineering PDACE, Gulbarga Page 5 Securing Public Health Records in Cloud Computing Patient Centric And Fine Grained Data Access Control in Multi Owner Settings not re/uire speci"ic so"tware on the client and instead use a web browser to interact with the cloud application' 4ith A2a# and H)MD7 these 4eb user inter"aces can achie&e a similar or e&en better loo, and "eel as nati&e applications' Some cloud applications$ howe&er$ support speci"ic client so"tware dedicated to these applications (e'g'$ &irtual des,top clients and most email clients' Some legac% applications (line o" business applications that until now ha&e been pre&alent in thin client 4indows computing are deli&ered &ia a screen!sharing technolog%' 1.' O()!cti"! )he main ob2ecti&e o" the proposed s%stem is to pro&ide secure patient!centric PHR access and e""icient ,e% management at the same time' )he ,e% idea is to di&ide the s%stem into multiple securit% domains (namel%$ public Cloud and pri&ate Cloud according to the di""erent users* data access re/uirements' Distributed encr%ption and access polic% change Role based access o" data 1.3 Scop! of t*! Stud+ )he proposed wor, will allow us to achie&e the goals in the di""erent scenarios li,e$ Hospital Management$ Health Care 4ebsite$ Eational health data center$ an% time access o" medical data Pri&ac% protection o" patients 1., E-isting S+st!m -n the e#isting s%stem$ PHR model has multiple owners (patients who ma% encr%pt their records according to their own wa%s' 0% using di""erent sets o" cr%ptographic ,e%s each user obtains ,e%s "rom e&er% owner who*s PHR has to be read would limit the accessibilit% since the patients are not alwa%s online' Another method is central authorit% to do the ,e% management on behal" o" all PHR owners (patients$ this re/uires too much trust on single authorit%' Disad"antag!s Department of Computer Science and Engineering PDACE, Gulbarga Page Securing Public Health Records in Cloud Computing Patient Centric And Fine Grained Data Access Control in Multi Owner Settings ;' )here ha&e been wide pri&ac% concerns as personal health in"ormation could be e#posed to those third part% ser&ers and to unauthori(ed parties' 5' Eon!a&ailabilit% o" authori(ation "or the accessibilit% o" health records which leads to an insecure data manipulation 1.. Popos!d S+st!m A secured "ramewor, "or patient!centric in"ormation and a suite o" mechanisms "or data access control to PHRs has been proposed' )o achie&e "ine!grained and scalable data access control "or PHRs$ we le&erage ad&anced encr%ption standard (A.S techni/ues to encr%pt each patient*s PHR "ile and use the securit% polic% to allow the access o" the data' Ad"antag!s fo Popos!d S+st!m )he proposed s%stem has the "ollowing ad&antages Pro&ides higher le&el Data con"identialit% On!demand re&ocation 4rite access control Scalabilit% and usabilit% )o pro&ide user "riendl% en&ironment )o pro&ide eas% and "aster access in"ormation Huic,l% "ind out in"ormation o" patient details -t pro&ides an eas% plat"orm "or medical data sharing between healthcare and patient' Applications Hospital Management Health Care 4ebsite Eational health data center An% time access o" medical data Pri&ac% protection o" patients Department of Computer Science and Engineering PDACE, Gulbarga Page ! Securing Public Health Records in Cloud Computing Patient Centric And Fine Grained Data Access Control in Multi Owner Settings 1./ 0it!atu! su"!+ 112 3u4 S.4 5ang4 C.4 R!n4 6.4 0ou4 5.% Ac*i!"ing s!cu!4 scala(l!4 and fin!7gain!d data acc!ss contol in cloud computing. In% IEEE IN8OCO9 ':1: #':1:$ An e#tensi&e literature sur&e% is conducted to in&estigate the &arious approaches "or managing the patient records' )o ,eep sensiti&e user data con"idential against un!trusted ser&ers$ e#isting solutions usuall% appl% cr%ptographic methods b% disclosing data decr%ption ,e%s onl% to Authori(ed users' -n order to achie&e secure scalable and "ine grained data access control in Cloud Computing authors used the combination o" di""erent t%pes o" algorithms &i('$ Attribute 0ased .ncr%ption (A0.$ pro#% re!encr%ption$ and la(% re!encr%ption' 1'2 0iang4 ;.4 0u4 R.4 0in4 ;.4 S*!n4 ;.S.% Cip*! t!-t polic+ atti(ut! (as!d !nc+ption &it* !ffici!nt !"ocation. T!c*nical R!pot4 Uni"!sit+ of 5at!loo #':1:$ A cipher te#t polic% attribute based encr%ption scheme with e""icient re&ocation$ construction uses linear secret sharing and binar% techni/ues as underl%ing tools are used$ each user is assigned a uni/ue identi"ier$ there"ore user can be easil% re&o,ed b% using his1her uni/ue identi"ier' 1<2 C*as!4 9.4 C*o&4 S.S.% Impo"ing pi"ac+ and s!cuit+ in multi7aut*oit+ atti(ut! (as!d !nc+ption. In% CCS '::=4 pp. 1'1>1<: #'::=$ Multi!authorit% A0. scheme speci"ies that multiple attribute!authorities monitor di""erent sets o" attributes and issue corresponding decr%ption ,e%s to users$ and encr%ptors re/uires that a user obtain ,e%s "or appropriate attributes "rom each authorit% be"ore decr%pting a message' Chase M' et al'$ gi&en a solution which remo&es the trusted central authorit%$ and protects the users* pri&ac%' Department of Computer Science and Engineering PDACE, Gulbarga Page " Securing Public Health Records in Cloud Computing Patient Centric And Fine Grained Data Access Control in Multi Owner Settings 1,2 B!nalo*4 ?.4 C*as!4 9.4 Ho"it@4 E.4 0aut!4 6.% Pati!nt contoll!d !nc+ption% !nsuing pi"ac+ of !l!ctonic m!dical !cods. In% CCS5 '::=% Poc!!dings of t*! '::= AC9 &oAs*op on Cloud computing s!cuit+4 pp. 1:<>11, #'::=$ )he challenges o" preser&ing patients* pri&ac% in electronic health record s%stems$ securit% in the s%stems should be en"orced &ia encr%ption as well as access control' Furthermore we argue "or approaches that enable patients to generate and store encr%ption ,e%s$ so that the patients* pri&ac% is protected should the host data center 0e compromised' 1.2 I(aimi4 0.4 Asim4 9.4 P!tAo"ic4 9.% S!cu! manag!m!nt of p!sonal *!alt* !cods (+ appl+ing atti(ut!7(as!d !nc+ption. T!c*nical R!pot4 Uni"!sit+ of T&!nt! #'::=$ A new &ariant o" a cipher te#t!polic% proposed b% Daun -braim et' al'$ comprises attributeIbased encr%ption scheme to en"orce patient1organi(ational access control policies such that e&er%one can download the encr%pted data but onl% authori(ed users "rom the social domain (e'g' "amil%$ "riends$ or "ellow patients or authori(ed users "rom the pro"essionals domain (e'g' doctors or nurses are allowed to decr%pt it' )he con"identl% o" personal health records is a ma2or problem when patients use commercial web!based s%stems to store their health data' )raditional access control mechanisms$ such as Role!0ased Access control' 1/2 Bold+!"a4 A.4 Bo+al4 C.4 6uma4 C.% Id!ntit+7(as!d !nc+ption &it* !ffici!nt !"ocation. In% CCS '::D4 pp. ,1E>,'/ #'::D$ )he Fu((% -0. primiti&e and binar% tree data structure$ and is pro&abl% secure' An -dentit%! 0ased encr%ption (-0. is an e#citing alternati&e to public ,e% encr%ption' As -0. eliminates the need "or a public ,e% in"rastructure (PB-$ the senders using an -0. do not need to loo, up the public ,e%s and the corresponding certi"icates o" the recei&ers' Department of Computer Science and Engineering PDACE, Gulbarga Page # Securing Public Health Records in Cloud Computing Patient Centric And Fine Grained Data Access Control in Multi Owner Settings 1E2 Atalla*4 9.?.4 8iAA!n4 6.B.4 Blanton4 9.% D+namic and !ffici!nt A!+ manag!m!nt fo acc!ss *i!ac*i!s. In% CCS '::.4 pp. 1=:>':' #'::.$ the problem o" ,e% management in an access hierarch% has elicited much interest in the literature' the hierarch% is modeled as a set o" partiall% ordered classes(represented as a directed graph$ and a user who obtains access(i'e'$ a ,e% to a certain class can also obtain access to all descendent classes o" her class through ,e% deri&ation' our solution to the abo&e problem has the "ollowing properties@ (-ndiaonl% hash "unctions are used "or a node to deri&e a descendant* ,e% "rom its own ,e%J (ii the space comple#it% o" the public in"ormation is the same as that o" storing the hierarch%' 1D2Pi"ac+ p!s!"ing HER S+st!m Using Atti(ut! 7(as!d infastuctu! S*i"aamaAis*na Naa+an 4 9atin Bagn! -n the paper$ Author e#plore techni/ues which guarantees securit% and pri&ac% o" Medical data stored in the cloud' 4e show how new primiti&es in attribute Ibased Cr%ptograph can be used o construct a secure and pri&ac%!preser&ing H.R s%stems that .nables patients to share their data among healthcare pro&iders in a "le#ible$ d%namic and Scalable manner' 1=2 Aut*oi@!d Pi"at! 6!+&od S!ac* O"! Enc+pt!d Data in Cloud Computing 9ing 0i 4 S*uc*!ng 3u4 Ning cao and 5!n)ing 0ou -n this paper $using online Personal Health Record (PHR as a case stud%$ we "irst show )he necessit% o" search capabilit% authori(ed that reduces the pri&ac% e#posure Resulting "rom the search results$ and establish a scalable "ramewor, "or Authori(ed Pri&ate Be%word Search (APBS o&er encr%pted cloud data' 4e then propose to no&el Solutions "or APBS based on a recent cr%ptographic primiti&e$ Hierarchical Predicate .ncr%ption (HP.' Our solutions enable e""icient multi!dimensional ,e%word searches 4ith range /uer%$ allow delegation and re&ocation o" search capabilities 'More o&er$ we .nhance the /uer% pri&ac% which hides users* /uer% ,e%words against the ser&er' 4e -mplement our scheme on a modern wor,station$ and e#perimental results demonstrate its Suitabilit% "or practical usage' Department of Computer Science and Engineering PDACE, Gulbarga Page 1$ Securing Public Health Records in Cloud Computing Patient Centric And Fine Grained Data Access Control in Multi Owner Settings 11:2 Aut*oi@!d Pi"at! 6!+&od S!ac* O"! Enc+pt!d P!sonal H!alt* R!cods in Cloud Computing 9ing 0iF4 S*uc*!ng 3u+4 Ning CaoF -n this paper $ Author "ormulate and address the problem o" authori(ed pri&ate ,e%word Searches (APBS on encr%pted PHR in cloud computing en&ironment ' we "irst present a Scalable an "ine!grained authori(ed "rame wor, "or searching on encr%pted PHR$ where users Obtain /uer% capabilities "rom locali(ed trusted authorities according to their attributes $ 4hich is highl% scalable with the user scale o" the s%stem' )hen we propose two no&els solutions For APBS based on a recent cr%ptographic primiti&e$ hierarchical predicate encr%ption (HP.$ one with enhanced e""icienc% and the other with enhanced /uer% pri&ac%' -n addition to document pri&ac% and /uer% pri&ac%$ other salient "eatures o" our schemes include@ e""icientl% support multi!dimensional$ multiple Be%word searches with simple range /uer% $allow delegation and re&ocation o" search capabilities' 4e implement our scheme on a modern wor,station$ e#perimental results demonstrate its suitabilit% "or practical usage' CHAPTER ' Department of Computer Science and Engineering PDACE, Gulbarga Page 11 Securing Public Health Records in Cloud Computing Patient Centric And Fine Grained Data Access Control in Multi Owner Settings '.1 9odul!s )he "ollowing three modules are ;' PHR Owner1 patient module 5' Data con"identialit% module =' Cloud Ser&er module 1 PHR O&n!Gpati!nt modul!% )he main goal o" this module is to pro&ide secure patient! centric PHR access and e""icient ,e% management at the same time' )he ,e% idea is to di&ide the s%stem into multiple securit% domains (namel% public clouds and pri&ate clouds according to the di""erent users* data access re/uirements' PHR ser&ice pro&iders encr%pt patients* data$ PHR ser&ices should gi&e patients (PHR owners "ull control o&er the selecti&e sharing o" their own PHR data'
' Data Confid!ntialit+ modul!% )he owners upload encr%pted PHR "iles to the ser&er' .ach owner*s PHR "ile is encr%pted both under a certain "ine grained and role!based access polic% "or users "rom the public clouds to access and under a selected set o" data attributes that allows access "rom users in the pri&ate clouds' Onl% authori(ed users can decr%pt the PHR "iles'
< Cloud s!"! modul!% )he main "unction o" cloud ser&er is to create an inter"ace between the application and users' )he authentication o" the user name and password is carried out' -" user is authentic then he1she gets access to his1her records' CHAPTER < Department of Computer Science and Engineering PDACE, Gulbarga Page 12 Securing Public Health Records in Cloud Computing Patient Centric And Fine Grained Data Access Control in Multi Owner Settings <.1 Ac*it!ctu! Fig =';' S%stem Architecture <.' Algoit*m Us!d Ad&anced .ncr%ption Standard (A.S is a s%mmetric bloc, cipher which uses the same ,e% "or both encr%ption and decr%ption' )he algorithm allows a &ariet% o" bloc, and ,e% si(es$ and not 2ust the 6K and 76 bits o" D.S bloc, and ,e% si(es$ the bloc, and ,e% si(e can be chosen "rom ;5L$ ;6:$ ;<5$ 55K$ 576 bitsM )he A.S standard states that the algorithm can onl% accept a bloc, si(e o" ;5L bits and a choice o" three ,e%s ;5L$ ;<5$ 576 bits' For encr%ption the number o" rounds depends on the chosen ,e% length' )he ,e% length ;5L bits uses ;: round$ the ,e% length ;<5 bits uses ;5 round$ the ,e% length 576 bits uses ;K rounds' Enc+ption@ .ach round consist o" "ollowing K stages Department of Computer Science and Engineering PDACE, Gulbarga Page 13 Securing Public Health Records in Cloud Computing Patient Centric And Fine Grained Data Access Control in Multi Owner Settings ;' Substitution 0%tes 5' Shi"t Rows =' Mi# columns K' Add Round Be% D!c+ption@ .ach round consists o" the "ollowing "our stages ;' -n&erse Shi"t rows 5' -n&erse Substitute b%tes =' -n&erse Add Round Be% K' -n&erse Mi# Columns Step;@ )he substitute b%tes stage uses an s!bo# to per"orm a b%te!b%!b%te substitution o" the bloc,$ there is a single L!bit wide s!bo# used on e&er% b%te$ this s!bo# is permutation o" all 576 L!bits &alues' Step 5@ )he shi"t rows stage pro&ides a simple permutation o" the data$ -t per"orms the shi"ting the rows o" the state arra% during "orward process$ circular rotate on each row o" :$;$5 and = places "or respecti&e rows Step =@ : Operates on each column individually, each byte is replaced by a value dependent on all 4 bytes in the column it per"orms the mi#ing up o" the b%tes in each column separatel%' Step K@ )he add round ,e% stage which is simple bitwise AOR o" the current bloc, with a portion o" the e#panded ,e%$ CHAPTER , Department of Computer Science and Engineering PDACE, Gulbarga Page 14 Securing Public Health Records in Cloud Computing Patient Centric And Fine Grained Data Access Control in Multi Owner Settings REHUIRE9ENTS ENBINEERINB ,.1 Had&a! R!Iui!m!nts )he hardware re/uirements ma% ser&e as the basis "or a contract "or the implementation o" the s%stem and should there"ore be a complete and consistent speci"ication o" the whole s%stem' )he% are used b% so"tware engineers as the starting point "or the s%stem design' -t should what the s%stem do and not how it should be implemented' Processor !Pentium I--- Speed ! ;'; Gh( RAM ! 576 M0(min ,.' Soft&a! R!Iui!m!nts Operating S%stem @ 4indows<71<L15:::1AP Plat"orm@ @net Danguage @ CN 1ASP' Eet Database @ Cloud Ser&er ,.< 8unctional R!Iui!m!nts A "unctional re/uirement de"ines a "unction o" a so"tware!s%stem or its component' A "unction is described as a set o" inputs$ the beha&ior$ and outputs' )he proposed s%stem is achie&ed b% creating a search engine which ma% decrease the searching time o" the user in the semantic web and can able to gi&e a accurate result to the user' CHAPTER . Department of Computer Science and Engineering PDACE, Gulbarga Page 15 Securing Public Health Records in Cloud Computing Patient Centric And Fine Grained Data Access Control in Multi Owner Settings DESIBN ENBINEERINB ..1 B!n!al Design .ngineering deals with the &arious GMD 8Gni"ied Modeling language9 diagrams "or the implementation o" pro2ect' Design is a meaning"ul engineering representation o" a thing that is to be built' So"tware design is a process through which the re/uirements are translated into representation o" the so"tware' Design is the place where /ualit% is rendered in so"tware engineering' Design is the means to accuratel% translate customer re/uirements into "inished product' ..' Us! Cas! Diagam A use case diagram is a t%pe o" beha&ioral diagram created "rom a Gse!case anal%sis' )he purpose o" use case is to present o&er&iew o" the "unctionalit% pro&ided b% the s%stem in terms o" actors$ their goals and an% dependencies between those use cases' -n the below diagram se&en use cases are depicted' )he% are used to search result using CS) methods' ADMIN PATIENT Department of Computer Science and Engineering PDACE, Gulbarga Page 1 EN!"PT#DE!"PT IN$E!T#%PDATE &IE' PATIENT DATA MA Securing Public Health Records in Cloud Computing Patient Centric And Fine Grained Data Access Control in Multi Owner Settings
(O%D MANA)E! Fig 7'5 Gse case Diagram ..< Dataflo& Diagam A data "low diagram (DFD is a graphical representation o" the O"lowP o" data through an in"ormation s%stem' -t di""ers "rom the "lowchart as it shows the data "low instead o" the control "low o" the program' A data "low diagram can also be used "or the &isuali(ation o" data processing' )he DFD is designed to show how a s%stem is di&ided into smaller portions and to highlight the "low o" data between those parts' Department of Computer Science and Engineering PDACE, Gulbarga Page 1! Securing Public Health Records in Cloud Computing Patient Centric And Fine Grained Data Access Control in Multi Owner Settings Fig' 7'= data"low diagram .., S!Iu!nc! Diagam A se/uence diagram in GMD is a ,ind o" interaction diagram that shows how processes operate with one another and in what order' -t is a construct o" a message se/uence chart' Se/uence diagrams are sometimes called .&ent!trace diagrams$ e&ent scenarios$ and timing diagrams' )he below diagram shows the se/uence "low o" the Parallel data Processing in )he Cloud Department of Computer Science and Engineering PDACE, Gulbarga Page 1" Securing Public Health Records in Cloud Computing Patient Centric And Fine Grained Data Access Control in Multi Owner Settings Fig'7'K Se/uence Diagram "or
Department of Computer Science and Engineering PDACE, Gulbarga Page 1# Securing Public Health Records in Cloud Computing Patient Centric And Fine Grained Data Access Control in Multi Owner Settings CHAPTER / RESU0TS AND DISCUSSIONS )he "ollowing "igures e#plains about cloud Ser&ices i. Ser&ice Pro&ider 4indow Ser&ice Pro&ider SHD Ser&ice Pro&ider Document Ser&ice Pro&ider )o access these ser&ices user has to be register into the cloud through Gser registration -nter"ace' Department of Computer Science and Engineering PDACE, Gulbarga Page 2$ Securing Public Health Records in Cloud Computing Patient Centric And Fine Grained Data Access Control in Multi Owner Settings /.1 Us!GPati!nt R!gistation Fig 6'; Gser1Patient Registration /.' Us!GPati!nt 0ogin Department of Computer Science and Engineering PDACE, Gulbarga Page 21 Securing Public Health Records in Cloud Computing Patient Centric And Fine Grained Data Access Control in Multi Owner Settings Fig 6'5 Gser1Patient Dogin Description@ the "igure shows user1patient can login into cloud b% pro&iding his username and password Department of Computer Science and Engineering PDACE, Gulbarga Page 22 Securing Public Health Records in Cloud Computing Patient Centric And Fine Grained Data Access Control in Multi Owner Settings /.< Admin 0ogin Fig 6'= Admin Dogin /., Enc+pt Pati!nt Info Department of Computer Science and Engineering PDACE, Gulbarga Page 23 Securing Public Health Records in Cloud Computing Patient Centric And Fine Grained Data Access Control in Multi Owner Settings Fig 6'K .ncr%pt Patient -n"o /.. Ins!t Pati!nt Info Department of Computer Science and Engineering PDACE, Gulbarga Page 24 Securing Public Health Records in Cloud Computing Patient Centric And Fine Grained Data Access Control in Multi Owner Settings Fig 6'7 insert Patient -n"o /./ Ci!& All Pati!nts Department of Computer Science and Engineering PDACE, Gulbarga Page 25 Securing Public Health Records in Cloud Computing Patient Centric And Fine Grained Data Access Control in Multi Owner Settings Fig 6'6 3iew All Patients Department of Computer Science and Engineering PDACE, Gulbarga Page 2 Securing Public Health Records in Cloud Computing Patient Centric And Fine Grained Data Access Control in Multi Owner Settings /.E Enc+ption Poc!ss Fig 6'Q .ncr%ption Process Department of Computer Science and Engineering PDACE, Gulbarga Page 2! Securing Public Health Records in Cloud Computing Patient Centric And Fine Grained Data Access Control in Multi Owner Settings Fig 6'L 0rowse image Department of Computer Science and Engineering PDACE, Gulbarga Page 2" Securing Public Health Records in Cloud Computing Patient Centric And Fine Grained Data Access Control in Multi Owner Settings Fig 6'< upload the image Department of Computer Science and Engineering PDACE, Gulbarga Page 2# Securing Public Health Records in Cloud Computing Patient Centric And Fine Grained Data Access Control in Multi Owner Settings Fig 6';: s,%dri&e permission Department of Computer Science and Engineering PDACE, Gulbarga Page 3$ Securing Public Health Records in Cloud Computing Patient Centric And Fine Grained Data Access Control in Multi Owner Settings Fig 6';; -mage Sa&ed -n Cloud Department of Computer Science and Engineering PDACE, Gulbarga Page 31 Securing Public Health Records in Cloud Computing Patient Centric And Fine Grained Data Access Control in Multi Owner Settings Fig 6';5 .ncr%ption )ime Department of Computer Science and Engineering PDACE, Gulbarga Page 32 Securing Public Health Records in Cloud Computing Patient Centric And Fine Grained Data Access Control in Multi Owner Settings /.D D!c+ption poc!ss Fig 6';= Admin Dogin Department of Computer Science and Engineering PDACE, Gulbarga Page 33 Securing Public Health Records in Cloud Computing Patient Centric And Fine Grained Data Access Control in Multi Owner Settings Fig 6';K Download and Decr%pt Department of Computer Science and Engineering PDACE, Gulbarga Page 34 Securing Public Health Records in Cloud Computing Patient Centric And Fine Grained Data Access Control in Multi Owner Settings Fig 6';7Decr%ption )ime Department of Computer Science and Engineering PDACE, Gulbarga Page 35 Securing Public Health Records in Cloud Computing Patient Centric And Fine Grained Data Access Control in Multi Owner Settings P!fomanc!. Ima*e si+e in pi,els Fig 6';6@ A line graph o" encr%ption and upload time(sec &erses image si(e in pi#els ' CHAPTER E SO8T5ARE TESTINB E.1 B!n!al )he purpose o" testing is to disco&er errors' )esting is the process o" tr%ing to disco&er e&er% concei&able "ault or wea,ness in a wor, product' -t pro&ides a wa% to chec, the "unctionalit% o" components$ sub assemblies$ assemblies and1or a "inished product -t is the process o" e#ercising so"tware with the intent o" ensuring that the So"tware s%stem meets its re/uirements and user e#pectations and does not "ail in an unacceptable manner' )here are &arious t%pes o" test' .ach test t%pe addresses a speci"ic testing re/uirement' E.' D!"!loping 9!t*odologi!s Department of Computer Science and Engineering PDACE, Gulbarga Page 3 Securing Public Health Records in Cloud Computing Patient Centric And Fine Grained Data Access Control in Multi Owner Settings )he test process is initiated b% de&eloping a comprehensi&e plan to test the general "unctionalit% and special "eatures on a &ariet% o" plat"orm combinations' Strict /ualit% control procedures are used' )he process &eri"ies that the application meets the re/uirements speci"ied in the s%stem re/uirements document and is bug "ree' )he "ollowing are the considerations used to de&elop the "ramewor, "rom de&eloping the testing methodologies' E.<T+p!s of T!sts E.<.1 Unit t!sting Gnit testing in&ol&es the design o" test cases that &alidate that the internal program logic is "unctioning properl%$ and that program input produce &alid outputs' All decision branches and internal code "low should be &alidated' -t is the testing o" indi&idual so"tware units o" the application 'it is done a"ter the completion o" an indi&idual unit be"ore integration' )his is a structural testing$ that relies on ,nowledge o" its construction and is in&asi&e' Gnit tests per"orm basic tests at component le&el and test a speci"ic business process$ application$ and1or s%stem con"iguration' Gnit tests ensure that each uni/ue path o" a business process per"orms accuratel% to the documented speci"ications and contains clearl% de"ined inputs and e#pected results' E.<.' 8unctional t!st Functional tests pro&ide s%stematic demonstrations that "unctions tested are a&ailable as speci"ied b% the business and technical re/uirements$ s%stem documentation$ and user manuals' Functional testing is centered on the "ollowing items@ 3alid -nput @ identi"ied classes o" &alid input must be accepted' -n&alid -nput @ identi"ied classes o" in&alid input must be re2ected' Functions @ identi"ied "unctions must be e#ercised' Output @ identi"ied classes o" application outputs must be e#ercised' S%stems1Procedures@ inter"acing s%stems or procedures must be in&o,ed' E.<.< S+st!m T!st Department of Computer Science and Engineering PDACE, Gulbarga Page 3! Securing Public Health Records in Cloud Computing Patient Centric And Fine Grained Data Access Control in Multi Owner Settings S%stem testing ensures that the entire integrated so"tware s%stem meets re/uirements' -t tests a con"iguration to ensure ,nown and predictable results' An e#ample o" s%stem testing is the con"iguration oriented s%stem integration test' S%stem testing is based on process descriptions and "lows$ emphasi(ing pre!dri&en process lin,s and integration points' E.<., P!fomanc! T!st )he Per"ormance test ensures that the output be produced within the time limits$and the time ta,en b% the s%stem "or compiling$ gi&ing response to the users and re/uest being send to the s%stem "or to retrie&e the results' E.<.. Int!gation T!sting So"tware integration testing is the incremental integration testing o" two or more integrated so"tware components on a single plat"orm to produce "ailures caused b% inter"ace de"ects' )he tas, o" the integration test is to chec, that components or so"tware applications$ e'g' components in a so"tware s%stem or I one step up I so"tware applications at the compan% le&el I interact without error' E.<./ Acc!ptanc! T!sting Gser Acceptance )esting is a critical phase o" an% pro2ect and re/uires signi"icant participation b% the end user' -t also ensures that the s%stem meets the "unctional re/uirements' Acceptance testing "or Data S%nchroni(ation@ )he Ac,nowledgements will be recei&ed b% the Sender Eode a"ter the Pac,ets are recei&ed b% the Destination Eode' )he Route add operation is done onl% when there is a Route re/uest in need )he Status o" Eodes in"ormation is done automaticall% in the Cache Gpdation process E.<.E Build t*! t!st plan An% pro2ect can be di&ided into units that can be "urther per"ormed "or detailed processing' )hen a testing strateg% "or each o" this unit is carried out' Gnit testing helps to identit% the possible bugs in the indi&idual component$ so the component that has bugs can be identi"ied and can be recti"ied "rom errors' Department of Computer Science and Engineering PDACE, Gulbarga Page 3" Securing Public Health Records in Cloud Computing Patient Centric And Fine Grained Data Access Control in Multi Owner Settings CHAPTER D CONC0USION )he proposed method o&ercomes the drawbac,s o" the e#isting s%stem and pro&ides higher securit% le&el b% using Ad&anced .ncr%ption Standard (A.S encr%ption algorithm' )his approach allows the users to maintain the data in a secured cloud en&ironment b% meeting the goals li,e data con"identialit%$ write access control$ on!demand re&ocation$ etc' -t also ma,es sure that the secret data o" the patient is accessed and used b% onl% authori(ed persons$ pro&iding highest le&el o" securit%$ )he main motto o" the patient centric model is that the share the personal health records o" the patient with ma#imum securit%$ patient centric concept$ patients will ha&e complete control o&er encr%pting their PHR "iles to allow "ine!grained access' '
RE8ERENCES Department of Computer Science and Engineering PDACE, Gulbarga Page 3# Securing Public Health Records in Cloud Computing Patient Centric And Fine Grained Data Access Control in Multi Owner Settings -./ "u, $0, 'an*, 0, !en, 10, (ou, '0: Achievin* secure, scalable, and 2ne3*rained data access control in cloud computin*0 In: IEEE IN4OOM 56.6 756.68 -5/ (ian*, 90, (u, !0, (in, 90, $hen, 90$0: ipher te,t policy attribute based encryption :ith e;cient revocation0 Technical !eport, %niversity o< 'aterloo 756.68 -=/ hase, M0, ho:, $0$0: Improvin* privacy and security in multi3authority attribute based encryption0 In: $ 566>, pp0 .5.?.=6 7566>8 -4/ @enaloh, A0, hase, M0, Borvit+, E0, (auter, 10: Patient controlled encryption: ensurin* privacy o< electronic medical records0 In: $' 566>: Proceedin*s o< the 566> AM :orCshop on loud computin* security, pp0 .6=?..4 7566>8 -D/ Ibraimi, (0, Asim, M0, PetCovic, M0: $ecure mana*ement o< personal health records by applyin* attribute3based encryption0 Technical !eport, %niversity o< T:ente 7566>8 -E/ @oldyreva, A0, )oyal, &0, 1umar, &0: Identity3based encryption :ith e;cient revocation0 In: $ 566F, pp0 4.G?45E 7566F8 -G/ Atallah, M0A0, 4riCCen, 10@0, @lanton, M0: Dynamic and e;cient Cey mana*ement <or access hierarchies0 In: $ 566D, pp0 .>6?565 7566D8 Department of Computer Science and Engineering PDACE, Gulbarga Page 4$ Securing Public Health Records in Cloud Computing Patient Centric And Fine Grained Data Access Control in Multi Owner Settings Department of Computer Science and Engineering PDACE, Gulbarga Page 41