SeSPHR: A Methodology for Secure Sharing of Personal Health Records in the Cloud
|Project Title:||SeSPHR: A Methodology for Secure Sharing of Personal Health Records in the Cloud.|
|Project Cost: (In Indian Rupees)||Rs.3000/|
|Project Buy Link:||Buy Link|
IEEE BASE PAPER ABSTRACT:
The widespread acceptance of cloud based services in the healthcare sector has resulted in cost effective and convenient exchange of Personal Health Records (PHRs) among several participating entities of the e-Health systems. Nevertheless, storing the confidential health information to cloud servers is susceptible to revelation or theft and calls for the development of methodologies that ensure the privacy of the PHRs. Therefore, we propose a methodology called SeSPHR for secure sharing of the PHRs in the cloud. The SeSPHR scheme ensures patient-centric control on the PHRs and preserves the confidentiality of the PHRs. The patients store the encrypted PHRs on the un-trusted cloud servers and selectively grant access to different types of users on different portions of the PHRs. A semi-trusted proxy called Setup and Re-encryption Server (SRS) is introduced to set up the public/private key pairs and to produce the re-encryption keys. Moreover, the methodology is secure against insider threats and also enforces a forward and backward access control. Furthermore, we formally analyze and verify the working of SeSPHR methodology through the High Level Petri Nets (HLPN). Performance evaluation regarding time consumption indicates that the SeSPHR methodology has potential to be employed for securely sharing the PHRs in the cloud.
PROJECT OUTPUT VIDEO:
Chen et al. introduced a method to exercise the access control dynamically on the PHRs in the multi-user cloud environment through the Lagrange Multiplier using the SKE. Automatic user revocation is the key characteristics of the approach. To overcome the complexities of the key management, a partial order relationship among the users is maintained. However, the scheme requires the PHR owners to be online when the access is to be granted or revoked.
DISADVANTAGES OF EXISTING SYSTEM:
A limitation of the existing approach is that it allows the CSP to de-crypt the PHRs that in turn may act maliciously.
In the existing framework the data owner is also assumed as a trusted authority that manages the keys for multiple owners and multiple users. Therefore, the inefficiencies would occur at the PHR owners’ end to manage multiple keys for different attributes for multiple owners.
We present a methodology called Secure Sharing of PHRs in the Cloud (SeSPHR) to administer the PHR access control mechanism managed by patients themselves. The methodology preserves the confidentiality of the PHRs by restricting the unauthorized users.
Generally, there are two types of PHR users in the proposed approach, namely: (a) the patients or PHR owners and (b) the users of the PHRs other than the owners, such as the family members or friends of patients, doctors and physicians, health insurance companies’ representatives, pharmacists, and researchers.
The SeSPHR methodology employs the El-Gamal encryption and proxy re-encryption to ensure the PHR confidentiality.
The methodology allows the PHR owners to selectively grant access to users over the portions of PHRs based on the access level specified in the ACL for different groups of users.
A semi-trusted proxy called SRS is deployed to ensure the access control and to generate the re-encryption keys for different groups of users thereby eliminating the key management overhead at the PHR owner’s end.
ADVANTAGES OF PROPOSED SYSTEM:
The forward and backward access control is also implemented in the proposed methodology.
Formal analysis and verification of the proposed methodology is performed to validate its working according to the specifications.
Setup and Re-encryption Server (SRS)
The scheme proposes the storage of the PHRs on the cloud by the PHR owners for subsequent sharing with other users in a secure manner. The cloud is assumed as un-trusted entity and the users upload or download PHRs to or from the cloud servers. As in the proposed methodology the cloud resources are utilized only to upload and download the PHRs by both types of users, therefore, no changes pertaining to the cloud are essential.
Setup and Re-encryption Server (SRS):
The SRS is a semi-trusted server that is responsible for setting up public/private key pairs for the users in the system. The SRS also generates the re-encryption keys for the purpose of secure PHR sharing among different user groups. The SRS in the proposed methodology is considered as semi-trusted entity. Therefore, we assume it to be honest following the protocol generally but curious in nature. The keys are maintained by the SRS but the PHR data is never transmitted to the SRS. Encryption and decryption operations are performed at the users’ ends. Besides the key management, the SRS also implements the access control on the shared data.
The SRS is independent server that cannot be deployed over a public cloud because of cloud being un-trusted entity. The SRS can be maintained by a trusted third-party organization or by a group of hospitals for convenience of the patients. It can also be maintained by a group of connected patients. However, SRS maintained by hospitals or by a group of patients will generate more trust due to involvement of health professionals and/or self-control over SRS by patients.
Generally, the system has two types of users:(a) the patients(owners of the PHR who want to securely share the PHRs with others) and (b) the family members or friends of patients, doctors and physicians, health insurance companies’ representatives, pharmacists, and researchers. In SeSPHR methodology, the friends or family members are considered as private domain users whereas all the other users are regarded as the public domain users. The users of both the private and public domain may be granted various levels of access to the PHRs by the PHR owners. For example, the users that belong to private domain may be given full access to the PHR, where as the public domain users, such as physicians, researchers, and pharmacists may be granted access to some specific portions of the PHR. Moreover, the aforementioned users may be allowed full access to the PHRs if deemed essential by the PHR owner. In other words, the SeSPHR methodology allows the patients to exercise the fine-grained access control over the PHRs. All of the users in the system are required to be registered with the SRS to receive the services of the SRS. The registration is based on the roles of the users, for instance, doctor, researcher, and pharmacist.
System : Pentium Dual Core.
Hard Disk : 120 GB.
Monitor : 15’’ LED
Input Devices : Keyboard, Mouse
Ram : 1 GB
Operating system : Windows 7.
Coding Language : JAVA/J2EE
Tool : Netbeans 7.2.1
Database : MYSQL
Mazhar Ali, Member, IEEE, Assad Abbas, Member, IEEE, Muhammad Usman Shahid Khan, Member, IEEE, and Samee U. Khan, Senior Member, IEEE, “ SeSPHR: A Methodology for Secure Sharing of Personal Health Records in the Cloud”, IEEE Transactions on Cloud Computing, 2021.
PROJECT COST: Rs.3000/
PROJECT BUY LINK: Click here to buy this project in Online.