emerging patient health information exchange system on cloud
TRANSCRIPT
-
8/13/2019 Emerging Patient Health Information Exchange System on Cloud
1/6
EMERGING PATIENT HEALTH INFORMATION EXCHANGE SYSTEM
ON CLOUD
Abstract
Personal health record (PHR) is an emerging patient-centric model of
health information exchange, which is often outsourced to be stored at a third party,
such as cloud providers. However, there have been wide privacy concerns as personal
health information could be exposed to those third party servers and to unauthoried
parties. !o assure the patients" control over access to their own PHRs, it is a promising
method to encrypt the PHRs before outsourcing. #et, issues such as ris$s of privacy
exposure, scalability in $ey management, flexible access and efficient user revocation,
have remained the most important challenges toward achieving fine-grained,
cryptographically enforced data access control. %n this paper, we propose a novel
patient-centric framewor$ and a suite of mechanisms for data access control to PHRsstored in semi-trusted servers. !o achieve fine-grained and scalable data access control
for PHRs, we leverage attribute based encryption (&') techniues to encrypt each
patient"s PHR file. *ifferent from previous wor$s in secure data outsourcing, we focus
on the multiple data owner scenario, and divide the users in the PHR system into
multiple security domains that greatly reduces the $ey management complexity for
owners and users. & high degree of patient privacy is guaranteed simultaneously by
exploiting multi-authority &'. +ur scheme also enables dynamic modification of
access policies or file attributes, supports efficient on-demand userattribute revocation
and brea$-glass access under emergency scenarios. xtensive analytical and
experimental results are presented which show the security, scalability and efficiency of
our proposed scheme.
Existing System
In Existing system a PHR system model, there are multiple owners who may
encrypt according to their own ways, possiblyusing different sets of cryptographic
keys !etting eachuser obtain keys from e"ery owner who#s PHR shewants to read
would limit the accessibility since patients are not always online An alternati"e is toemploy a central authority $%A& to do the key management onbehalf of all PHR
owners, but this re'uires too muchtrust on a single authority $ie, cause the key
escrowproblem&
-
8/13/2019 Emerging Patient Health Information Exchange System on Cloud
2/6
Key escrow$also known as a fair cryptosystem& is an arrangement in
which the keys needed to decrypt encrypteddata are held in escrowso that, under
certain circumstances, an authori(ed third party may gain access to those keys
)hese third parties may include businesses, who may want access to employees*
pri"ate communications, or go"ernments, who may wish to be able to "iew the
contents of encrypted communications
Proposed System
+e endea"or to study the patient centric, secure sharing of PHRs stored on
semitrusted ser"ers, and focus on addressing the complicated and challenging key
management issues In order to protect the personal health data stored on a semi
trusted ser"er, we adopt attributebased encryption $A-E& as the main encryption
primiti"e
.sing A-E, access policies are expressed based on the attributes of users or
data, which enables a patient to selecti"ely share her PHR among a set of users by
encrypting the file under a set of attributes, without the need to know a complete
list of users
)he complexities per encryption, key generation and decryption are only
linear with the number of attributes in"ol"ed
/odules
0 Registration
1 .pload files
2 A-E for 3inegrained 4ata Access %ontrol
5 Setup and 6ey 4istribution
7 -reakglass
/odules 4escription
Registration
http://en.wikipedia.org/wiki/Encryptionhttp://en.wikipedia.org/wiki/Escrowhttp://en.wikipedia.org/wiki/Encryptionhttp://en.wikipedia.org/wiki/Escrow -
8/13/2019 Emerging Patient Health Information Exchange System on Cloud
3/6
In this module normal registration for the multiple users )here are multiple
owners, multiple AAs, and multiple users )he attribute hierarchy of files 8 leaf nodes is
atomic file categories while internal nodes are compound categories 4ark boxes are the
categories that a PS4#s data reader ha"e access to
)wo A-E systems are in"ol"ed9 for each PS4 the re"ocable 6PA-E scheme is
adopted for each P.4, our proposed re"ocable /AA-E scheme
P.4 public domains
PS4 personal domains
AA attribute authority
/AABE - multi-authority ABE
6PABE - key policy ABE
.pload files
In this module, users upload their files with secure key probabilities )he owners
upload A-Eencrypted PHR files to the ser"er Each owner#s PHR file encrypted both under a
certain fine grained model
A-E for 3inegrained 4ata Access %ontrol
In this module A-E to reali(e finegrained access control for outsourced data
especially, there has been an increasing interest in applying A-E to secure electronic
healthcare records $EHRs& An attributebased infrastructure for EHR systems, where each
patient#s EHR files are encrypted using a broadcast "ariant of %PA-E that allows direct
re"ocation Howe"er, the cipher text length grows linearly with the number of un re"oked
users In a "ariant of A-E that allows delegation of access rights is proposed for encrypted
EHRs applied cipher text policy A-E $%PA-E& to manage the sharing of PHRs, and
introduced the concept of social:professional domains in"estigated using A-E to generate
selfprotecting E/Rs, which can either be stored on cloud ser"ers or cell phones so that E/R
could be accessed when the health pro"ider is offline
Setup and 6ey 4istribution
-
8/13/2019 Emerging Patient Health Information Exchange System on Cloud
4/6
In this module the system first defines a common universe of data attributes shared
by every PSD, such as basic profile, medical history, aller!ies, and prescriptions" An
emer!ency attribute is also defined for break-!lass access"
Each P#$ o%ner&s client application !enerates its correspondin! public'master keys"
(he public keys can be published via user&s profile in an online healthcare social-net%ork
)#S*+
(here are t%o %ays for distributin! secret keys"
irst, %hen first usin! the P#$ service, a P#$ o%ner can specify the access
privile!e of a data reader in her PSD, and let her application !enerate and
distribute correspondin! key to the latter, in a %ay resemblin! invitations in
oo!leDoc"
Second, a reader in PSD could obtain the secret key by sendin! a re.uest
)indicatin! %hich types of files she %ants to access+ to the P#$ o%ner via
#S*, and the o%ner %ill !rant her a subset of re.uested data types" Based on
that, the policy en!ine of the application automatically derives an access
structure, and runs key!en of /P-ABE to !enerate the user secret key that
embeds her access structure"
-reakglass module
In this module when an emergency happens, the regular access policies may
no longer be applicable )o handle this situation, breakglass access is needed to access the
"ictim#s PHR In our framework, each owner#s PHR#s access right is also delegated to an
emergency department E4 to pre"ent from abuse of breakglass option, the emergency
staff needs to contact the E4 to "erify her identity and the emergency situation, and obtain
temporary read keys After the emergency is o"er, the patient can re"oke the emergent
access "ia the E4"
-
8/13/2019 Emerging Patient Health Information Exchange System on Cloud
5/6
System Requirements:
Hardware Requirements:
System : Pentium IV 2.4 GHz.
Hard Disk : 40 GB.
Floppy Drie : !.44 "#.
"onitor : !$ VG% &olour.
"ouse : 'o(ite)*.
+am : $!2 "#.
Software Requirements:
,peratin( system : - indo/s P.
&odin( 'an(ua(e : %SP.1et /it* &.
Data Base : S3' Serer 2005
-
8/13/2019 Emerging Patient Health Information Exchange System on Cloud
6/6