eagle eye on cloud assisted mobile access of patients ... · cloud computing services consists of...

International Journal of Emerging Technology in Computer Science & Electronics (IJETCSE) ISSN: 0976-1353 Volume 16 Issue 1 –JUNE 2015.

139

Abstract— Inspired by privacy issues, the technique is

developed with the aim to give secure environment in cloud health. Responsibility about patient privacy and confidentiality is as old as the practice of medicine. Medical providers and Institutions are the central to store patient’s records. The desire to protect privacy is in part an outgrowth of a common human wish to live free of encroachment, judgment, inferiority complex. This technique provides important characteristics like privacy-preserving data storage and retrieval and auditability to avoid miss using of health records. In this we search over encrypted data thus hides access and search patterns. Searchable symmetric algorithm and elliptical curve cryptography are used here.

Keywords— Auditability, Privacy, Confidentiality, Searchable symmetric algorithm

I. INTRODUCTION

Earlier Health information or health records were

maintained in paper-based files and they were the source of history of patient medical information. The file was provider centric, consisting largely of notes inscribed by a doctor of what they thought was important. The main aim is to guide the provider in the care process. Later paper based files are changed or transferred to electronic health records (EHRs) by health providers [1].

The EHRs are the results of digitized versions of their paper predecessors, helpful and immediately available. Personal information increasingly flows in bits and bytes so the need to use secure technologies and establish appropriate privacy practices goes far beyond the scope of exchanging information between health care facilities, insurers and other entities.

A patient’s health information may contain sensitive information such as sexual health, mental health, addictions To drug or alcohol, abortions, etc. This makes such a patient demand strong privacy for their EHR system. Fig 1 gives the cloud computing services consists of software as service (Saas), platform as service (Paas) and Infrastructure as a service (Iaas).

Fig 1: Cloud computing services

Storage services supported public clouds like Microsoft's

Azure storage service and Amazon's S3 offer customers with ascendable and dynamic storage. By moving their knowledge to the cloud customers will avoid the prices of building and maintaining a personal storage infrastructure, opting instead to pay a service supplier as operate of its wants [5].

For most customers, this provides many edges as well as accessibility and dependableness at a relatively low price. While the advantages of employing a public cloud infrastructure area unit clear, it introduces significant security and privacy risks. In fact, it appears that the largest hurdle to the adoption of cloud storage is concern over the confidentiality and integrity of knowledge [8]-[10].

While, so far, customers are willing to trade privacy for the convenience of package services, this can be not the case for enterprises and government organizations. Therefore whereas cloud storage has huge promise, unless the problems of confidentiality and integrity area unit self-addressed several potential customers are reluctant to form the move [10].

To address the issues of crypto graphical cloud storage [6] and increase the adoption of cloud storage, we have a tendency to argue for coming up with a virtual personal

EAGLE EYE ON CLOUD ASSISTED MOBILE ACCESS OF PATIENTS HEALTH

INFORMATION

Miss Pallavi V#1 and Smt. Vani Ashok*2 #1PG Scholar, Dept. Of CSE, SJCE, Mysore, India

*2Assistant Professor, Dept. Of CSE, SJCE, Mysore, India


140

storage service based mostly on recently developed crypto graphical techniques. Such a service ought to aim to attain the best of each world by providing the safety of a personal cloud and also the practicality and cost savings of a public cloud [1]-[5]. Confidentiality : The cloud storage supplier doesn't learn any info concerning customer knowledge. Integrity : Any unauthorized modification of client knowledge by the cloud storage provider may be detected by the client whereas holding the most edges of a public storage service. Availability : Client knowledge is accessible from any machine and in the slightest degree times. Reliability : Customer data is reliably backed up. Efficient retrieval : Data retrieval times are comparable to a public cloud storage service. Data sharing: Customers can share their data with trusted parties.

II. RELATED WORK

In This section we discuss briefly on the existing work done

on health privacy preserving in cloud. Some early works on privacy protection for electronic health information center concentrate on the framework-style[1]-[5] along with the demonstration of the importance of privacy for e-health systems the authentication supported existing wireless infrastructure the role based approach for access control.

Yue Tong, Jinyuan Sun, Sherman S. M. Chow, and Pan Li[6], projected to make privacy into mobile health systems with the assistance of the non-public cloud. We tend to provide a solution for privacy-preserving information storage by group action a PRF-based key management for unlinkability, a search and access pattern activity theme supported redundancy, and a secure compartmentalization technique for privacy preserving keyword search [8]-[10].

We tend to conjointly investigated techniques that provide access management (in each traditional and emergency case) and auditability of the approved parties to forestall misbehavior, by combining ABE-controlled threshold signing with role-based encoding.

Privacy preservation of sensitive data may be a key factor. Anonmization offers additional privacy choices rather to other privacy preservation techniques [6] (Randomization, Encryption, and Sanitization).

In short, lacking of effective mechanisms to confirm the file retrieval accuracy could be a significant disadvantage of existing searchable coding schemes within the context of Cloud Computing.

Nonetheless, the progressive in data retrieval (IR) community has already been utilizing varied rating mechanisms [1] to quantify and rank-order the relevance of files in response to any given search question. though the importance of ranked search has received attention for an extended history within the context of plaintext searching by IR community, amazingly, it's still being unnoticed and remains to be addressed within the context of encrypted [15] knowledge search.

Therefore, the way to alter a searchable coding system with support of secure ranked search is that the downside tackled in secure stratified search over encrypted knowledge. This work

is among the primary few ones to explore stratified search over encrypted knowledge [13]-[15] in Cloud Computing.

Stratified search greatly enhances system usability by returning the matching files in an exceedingly stratified order relating to to bound connectedness criteria (e.g., keyword frequency), thus creating one step nearer towards sensible preparation of privacy-preserving knowledge hosting services within the context of Cloud Computing[14].

However, Anonmization itself contains many techniques that need last best one[7]. in keeping with the conferred analysis there's close competition among K- obscurity, L-Diversity, TCloseness, P-Sensitive and M-invariance. Analytical comparative analysis is conducted to pick out best Anonymization strategies [11]-[13] Privacy-preserving health data storage is studied by Sun et al.,[5] where patients encrypt their own health data and store it on a third-party server.

III. PRELIMINARIES

a. Searchable Symmetric Encryption (SSE)

Search on the encrypted data is the hot area of research. Databases are mainly stored on the remote servers. In order to access a data we need searching therefore searching over the encrypted data is one of the challenges. There are many methods to search over the encrypted data.

One of them is searchable symmetric encryption. SSE was introduced by Song, Wagner and Perrig in 2001. In SSE neither the keyword searching nor the remote storing will result in data leakage [6].

The proposal consists of three polynomial-time algorithm

(Setup, E, Search). Where setup takes a unary security parameter (k) in and gives a secret key K. Algorithm E takes a key K and an n-bit message m and returns a ciphertext c; Search takes a key K and a ciphertext c and returns m if K was the key under which c was produced. Key(s): This operate is employed by the users to get keys to initialize the theme. It takes the protection parameter s and outputs a secret key K. BIndex (D,K): The shopper runs this operate to make the indexes, denoted by I, for a group of document D. It takes the secret key K and D and outputs I, through that document is searchable whereas remaining encrypted. Trapdoor (K,w) : The shopper runs this operate to cipher a trapdoor for a keyword w, sanctions sorting out this keyword. A trapdoor Tw may be taken as a proxy for w so as to cover the important that means of w. Therefore, Tw ought to leak the knowledge regarding w as very little as attainable. The operate takes the secret key K and also the keyword w and outputs the individual trapdoor Tw. S(I, Tw ): This operate is read by the remote server to go looking for documents containing the shopper outlined keyword w. Attributable to the utilization of the trapdoor, the server is ready to hold out the particular question while not knowing the important keyword. The operate takes the designed secure index I and also the trapdoor Tw , and outputs the identifiers of files that contains keyword w.


141

b. Elliptical curve cryptography Cryptography may be a technology that makes use of

arithmetic to produce info security over public network. Elliptic curve cryptography (ECC) is one among the foremost powerful however least understood sorts of cryptography in wide use nowadays.

Associate in nursing increasing variety of internet sites build intensive use of error correction code to secure everything from customers' HTTPS connections to however they pass knowledge between knowledge centers.

Basically, it is vital for finish users to grasp the technology behind any security system so as to trust it. To it finish, we have a tendency to looked around to search out a decent, comparatively easy-to-understand primer on error correction code so as to share with our users. Finding none, we have a tendency to set to put in writing one ourselves.

IV. SYSTEM DESIGN

System design is the process of defining the architecture,

components, modules, interfaces and data for a system to satisfy specified requirements. One could see it as the application of systems theory to product development.

The main attributes involved in our system are given in fig 2.Patients or users collect their health data through monitoring devices worn or carried. Paper based medical reports are converted to Electronic Health Records [EHR].These EHR are encrypted so the data will be secure.

Fig 2: System design

During encryption key will be generated and index build

will take place. After the encryption the electronic health records will be uploaded to EMT of cloud. Every User will be associated with one cloud.

Each user i.e patient or doctor is associated with one private cloud. Many private clouds are supported on the same physical server. Private clouds are always online and available to handle health data on behalf of the users.

The private cloud will process the data to add security protection before it is stored on the public cloud. Google and amazon are one of the examples of public cloud infrastructure.

During search in this we make use of trapdoor of search so search will be done on the encrypted data it hides the search pattern. Search will give the top k ranked files. Upon selecting file for download it will ask for secret code, it’s a pseudo random no sent to registered mail id. So this is a concept which is used to give more security to patient’s record.

V. EXPERIMENTAL RESULTS

Registration is a mandatory process to get into a hospital

management system for any doctor and Patient. A doctor and Patient have to provide their personal information to the patient healthcare monitoring to create their account. After the registration patient can upload their health information.

This health information will be in the encrypted form and keywords will be extracted from the file. And there will be a generation public and private keys and most importantly building of index takes place.

Lastly they will upload file to cloud. When the doctor checks for particular keyword, search will be on encrypted data. Here trapdoor search will be done. The fig 3 gives search result on the encrypted data where the first column gives the name of the file which contains the keyword whereas second column gives the scoring of the keyword in the file. Trapdoors will be used here in searching.

Fig 3: Search result on encrypted files

When the doctor enters the number of files he wants to see

the file list will display based on the priority list which is shown in fig 4. The highest priority file will be at the top. When the doctor clicks on the file name in file list another security function encounters here.


142

Doctor has to enter user name again and it will ask for the secret code which is pseudorandom number. This will be in the registered mail. This approach provides one of the best securities to patient’s health data.

Fig 4: Display based on highest priority

VI. CONCLUSION

In this paper we proposed the new approach which gives

multiple levels of securities to the patients’ health records. So it’s like eagle eye on the patients’ health records. This application provides easy access to medical care information anytime and anywhere. Using cloud computing for healthcare provision provides opportunities for cost-savings and innovative solutions. Some examples were provided in this article that demonstrates the growing interest in this area by both healthcare and cloud providers. Secured patient healthcare system using cloud computing helps to keep the communication between doctor and patient private. It applies the concept of privacy in cloud computing technologies, which is a good approach to improve the quality of healthcare service minimizing the cost.

Acknowledgement

The authors would like to thanks to the publishers,

researchers for making their resources available and teachers for guidance. We also thank to the college authority for supporting to us and providing required information. We would also like to thank our friends and family members.

REFERENCES

[1] ] P. Ray and J.Wimalasiri, “The need for technical solutions formaintainingthe privacy of EHR,” in Proc. IEEE 28th Annu. Int. Conf., New York City,NY, USA, Sep. 2006, pp. 4686–4689.

[2] M. C. Mont, P. Bramhall, and K. Harrison, “A flexible role-based secure messaging service: Exploiting IBE technology for privacy in health care,” presented at the 14th Int. Workshop Database Expert Syst. Appl., Prague, Czech Republic, 2003.

[3] G. Ateniese, R. Curtmola, B. de Medeiros, and D. Davis, “Medical information privacy assurance: Cryptographic and system aspects,” presented at the 3rd Conf. Security Commun. Netw., Amalfi, Italy, Sep. 2002

[4] L. Zhang, G. J. Ahn, and B. T. Chu, “A role-based delegation framework for healthcare information systems,” in 7th ACM Symp. Access Control Models Technol., Monterey, CA, USA, 2002, pp. 125–134.

[5] J.Sun,X.Zhu,C.Zhang,andY.Fang,“HCPP:Cryptographybasedsecure EHR system for patient privacy and emergency healthcare,” in Proc. IEEE Int. Conf. Distrib. Comput. Syst., Jun. 2011, pp. 373–382

[6] Yue Tong, Jinyuan Sun, Sherman S. M. Chow, and Pan Li, “Cloud-Assisted Mobile-Access of Health Data With Privacy and Auditability”, IEEE journal of biomedical and health informatics, vol. 18, no. 2, march 2014 419

[7] Abdullah Abdulrhman AlShwaier, Dr, Ahmed Zayed Emam, “Data Privacy On E-Health Care System”, International Association of Scientific Innovation and Research.

[8] Paillier, P. (1999, May 2-6). Public-key cryptosystems based on composite degree residuosity classes.Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques Prague, Czech Republic, pp. 223-238.

[9] Park, J. and Sandhu, R. (2002). Towards usage control models: Beyond traditional access control. Proceeding of the 7th ACM symposium on Access Control Models and Technologies, SACMAT’02, pp. 57-64

[10] Petkovic, M., & Ibraimi, M. (2011). Privacy and security in e-Health applications. Published in E-Health, assistive technologies and applications for assistive living: challenges and solutions, pp. 23-48

[11] Rinehart-Thompson, & L.A., Harman, L.B. (2006). Privacy and confidentiality. In L.B. Harman (Ed.) Ethical Challenges in the Management of Health Information. 2, 53.

[12] Fan, L., Buchanan, W., Thuemmler, C., Lo, O., Khedim, A., Uthmani, O., et al. (2011).DACAR platform for eHealth services cloud. In IEEE 4th international conferenceon cloud computing (pp. 219–226).

[13] A. Singhal, “Modern information retrieval: A brief overview,” IEEE Data Engineering Bulletin, vol. 24, no. 4, pp. 35–43, 2001.

[14] C. Wang, N. Cao, J. Li, K. Ren, and W. Lou, “Secure ranked keyword search over encrypted cloud data,” in Proc. of ICDCS’10, 2010.

[15] D. Song, D. Wagner, and A. Perrig, “Practical techniques for searches on encrypted data,” in Proc. of S&P, 2000.

.

.

eagle eye on cloud assisted mobile access of patients ... · cloud computing services consists of...

Documents