Enhanced Security of PHR System in Cloud Using Prioritized Level Based Encryption
Cloud Computing has emerged as one of the vital part of the IT industry and it requires users to entrust their valuable data to cloud providers and so, there has been increasing security and privacy concerns on outsourced data. However there are more privacy concerns when the data involved is related to health. The current trend is that all the sectors are now moving to paperless management setup reducing the manual work and increasing the efficiency in both technical and management perspective. Similarly, the traditional health records are now being exported to cloud platform for continuous availability and easier management. This opens up the important problem of security when handling the personal data. To mitigate such security risks, proper cryptographic measures must be taken. Proper delegation and revocation mechanisms must be applied in case of sharing the records. There is a need for categorizing the data based on the sensitivity level of the health records, since encrypting all the records using the same mechanism will not be fair and also paves the way for intruders to decrypt all the records if the algorithm is found. To achieve fine-grained and scalable data control for Personal Health records (PHR), we leverage Prioritized Level Based Encryption (PLBE) techniques to encrypt each patient’s PHR file, the PHR also includes both text and image data like x-rays and scanned images. Therefore separate encryption techniques have to be enforced for text and image data. We also focus on multiple data owner scenario and divide the users in the PHR system into multiple security domains that reduces key management complexity for both owners and users.
KeywordsCloud Computing Data Security Personal Health Records Prioritized Level Based Encryption Sensitivity Analyzer
Unable to display preview. Download preview PDF.
- Li, M., Yu, S., Ren, Y.Z.K., Lou, W.: Scalable and Secure Sharing of Personal Health Records in Cloud Computing using Attribute-based Encryption. IEEE Transactions on Parallel and Distributed Systems 24 (2013)Google Scholar
- Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute based encryption. In: Shands, D. (ed.) Proceedings of the 28th IEEE Symposium on Security and Privacy, pp. 321–334 (2007)Google Scholar
- Prasad, P., Ojha, B., Shahi, R.R., Lal, R., Vaish, A., Goel, U.: 3 dimensional security in cloud computing. In: 3rd International Conference on Computer Research and Development (ICCRD), vol. 3, pp. 198–201 (2011)Google Scholar
- Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-based encryption for fine grained access control of encrypted data. In: CCS 2006, pp. 89–98 (2006)Google Scholar
- Ibraimi, L., Petkovic, M., Nikova, S., Hartel, P., Jonker, W.: Ciphertext-policy attribute-based threshold decryption with flexible delegation and revocation of user attributes (2009)Google Scholar
- Li, M., Yu, S., Cao, N., Lou, W.: Authorized Private Keyword Search over encrypted data in Cloud Computing. In: 31st International Conference on Distributed Computing Systems (2011)Google Scholar
- Ibraimi, L., Asim, M., Petkovic, M.: Secure Management of Personal Health Records by applying attribute based encryption. In: 6th International Workshop on Wearable Micro and Nano Technologies for Personalized Health (2009)Google Scholar
- Pirretti, M., Traynor, P., McDaniel, P., Waters, B.: Secure attribute based systems. Journal of Computer Security 18(5), 799–837 (2010)Google Scholar
- Wan, Z., Liu, J., Deng, R.H.: A hierarchical attribute based solution for flexible and scalable access control in cloud computing. IEEE Transactions on Information Forensics and Security 7(2) (2012)Google Scholar
- online, At risk of exposure – in the push for electronic medical records, concern is growing about how well privacy can be safeguarded (2006)Google Scholar