emerging patient health information exchange system on cloud

8/13/2019 Emerging Patient Health Information Exchange System on Cloud

1/6

EMERGING PATIENT HEALTH INFORMATION EXCHANGE SYSTEM

ON CLOUD

Abstract

Personal health record (PHR) is an emerging patient-centric model of

health information exchange, which is often outsourced to be stored at a third party,

such as cloud providers. However, there have been wide privacy concerns as personal

health information could be exposed to those third party servers and to unauthoried

parties. !o assure the patients" control over access to their own PHRs, it is a promising

method to encrypt the PHRs before outsourcing. #et, issues such as ris$s of privacy

exposure, scalability in $ey management, flexible access and efficient user revocation,

have remained the most important challenges toward achieving fine-grained,

cryptographically enforced data access control. %n this paper, we propose a novel

patient-centric framewor$ and a suite of mechanisms for data access control to PHRsstored in semi-trusted servers. !o achieve fine-grained and scalable data access control

for PHRs, we leverage attribute based encryption (&') techniues to encrypt each

patient"s PHR file. *ifferent from previous wor$s in secure data outsourcing, we focus

on the multiple data owner scenario, and divide the users in the PHR system into

multiple security domains that greatly reduces the $ey management complexity for

owners and users. & high degree of patient privacy is guaranteed simultaneously by

exploiting multi-authority &'. +ur scheme also enables dynamic modification of

access policies or file attributes, supports efficient on-demand userattribute revocation

and brea$-glass access under emergency scenarios. xtensive analytical and

experimental results are presented which show the security, scalability and efficiency of

our proposed scheme.

Existing System

In Existing system a PHR system model, there are multiple owners who may

encrypt according to their own ways, possiblyusing different sets of cryptographic

keys !etting eachuser obtain keys from e"ery owner who#s PHR shewants to read

would limit the accessibility since patients are not always online An alternati"e is toemploy a central authority $%A& to do the key management onbehalf of all PHR

owners, but this re'uires too muchtrust on a single authority $ie, cause the key

escrowproblem&


2/6

Key escrow$also known as a fair cryptosystem& is an arrangement in

which the keys needed to decrypt encrypteddata are held in escrowso that, under

certain circumstances, an authori(ed third party may gain access to those keys

)hese third parties may include businesses, who may want access to employees*

pri"ate communications, or go"ernments, who may wish to be able to "iew the

contents of encrypted communications

Proposed System

+e endea"or to study the patient centric, secure sharing of PHRs stored on

semitrusted ser"ers, and focus on addressing the complicated and challenging key

management issues In order to protect the personal health data stored on a semi

trusted ser"er, we adopt attributebased encryption $A-E& as the main encryption

primiti"e

.sing A-E, access policies are expressed based on the attributes of users or

data, which enables a patient to selecti"ely share her PHR among a set of users by

encrypting the file under a set of attributes, without the need to know a complete

list of users

)he complexities per encryption, key generation and decryption are only

linear with the number of attributes in"ol"ed

/odules

0 Registration

1 .pload files

2 A-E for 3inegrained 4ata Access %ontrol

5 Setup and 6ey 4istribution

7 -reakglass

/odules 4escription

Registration
http://en.wikipedia.org/wiki/Encryptionhttp://en.wikipedia.org/wiki/Escrowhttp://en.wikipedia.org/wiki/Encryptionhttp://en.wikipedia.org/wiki/Escrow


3/6

In this module normal registration for the multiple users )here are multiple

owners, multiple AAs, and multiple users )he attribute hierarchy of files 8 leaf nodes is

atomic file categories while internal nodes are compound categories 4ark boxes are the

categories that a PS4#s data reader ha"e access to

)wo A-E systems are in"ol"ed9 for each PS4 the re"ocable 6PA-E scheme is

adopted for each P.4, our proposed re"ocable /AA-E scheme

P.4 public domains

PS4 personal domains

AA attribute authority

/AABE - multi-authority ABE

6PABE - key policy ABE

.pload files

In this module, users upload their files with secure key probabilities )he owners

upload A-Eencrypted PHR files to the ser"er Each owner#s PHR file encrypted both under a

certain fine grained model

A-E for 3inegrained 4ata Access %ontrol

In this module A-E to reali(e finegrained access control for outsourced data

especially, there has been an increasing interest in applying A-E to secure electronic

healthcare records $EHRs& An attributebased infrastructure for EHR systems, where each

patient#s EHR files are encrypted using a broadcast "ariant of %PA-E that allows direct

re"ocation Howe"er, the cipher text length grows linearly with the number of un re"oked

users In a "ariant of A-E that allows delegation of access rights is proposed for encrypted

EHRs applied cipher text policy A-E $%PA-E& to manage the sharing of PHRs, and

introduced the concept of social:professional domains in"estigated using A-E to generate

selfprotecting E/Rs, which can either be stored on cloud ser"ers or cell phones so that E/R

could be accessed when the health pro"ider is offline

Setup and 6ey 4istribution


4/6

In this module the system first defines a common universe of data attributes shared

by every PSD, such as basic profile, medical history, aller!ies, and prescriptions" An

emer!ency attribute is also defined for break-!lass access"

Each P#$ o%ner&s client application !enerates its correspondin! public'master keys"

(he public keys can be published via user&s profile in an online healthcare social-net%ork

)#S*+

(here are t%o %ays for distributin! secret keys"

irst, %hen first usin! the P#$ service, a P#$ o%ner can specify the access

privile!e of a data reader in her PSD, and let her application !enerate and

distribute correspondin! key to the latter, in a %ay resemblin! invitations in

oo!leDoc"

Second, a reader in PSD could obtain the secret key by sendin! a re.uest

)indicatin! %hich types of files she %ants to access+ to the P#$ o%ner via

#S*, and the o%ner %ill !rant her a subset of re.uested data types" Based on

that, the policy en!ine of the application automatically derives an access

structure, and runs key!en of /P-ABE to !enerate the user secret key that

embeds her access structure"

-reakglass module

In this module when an emergency happens, the regular access policies may

no longer be applicable )o handle this situation, breakglass access is needed to access the

"ictim#s PHR In our framework, each owner#s PHR#s access right is also delegated to an

emergency department E4 to pre"ent from abuse of breakglass option, the emergency

staff needs to contact the E4 to "erify her identity and the emergency situation, and obtain

temporary read keys After the emergency is o"er, the patient can re"oke the emergent

access "ia the E4"


5/6

System Requirements:

Hardware Requirements:

System : Pentium IV 2.4 GHz.

Hard Disk : 40 GB.

Floppy Drie : !.44 "#.

"onitor : !$ VG% &olour.

"ouse : 'o(ite)*.

+am : $!2 "#.

Software Requirements:

,peratin( system : - indo/s P.

&odin( 'an(ua(e : %SP.1et /it* &.

Data Base : S3' Serer 2005


6/6

emerging patient health information exchange system on cloud

Documents