Secure Sharing of PHR Using Attribute-Based Encryption  
  Authors : Shrikanth N G; Navya Ramesh P P

 

Personal health record is web based application that allows people to access and co-ordinate their lifelong health information .The patient centric secure sharing of PHR is achieved by storing them in a third party server, such as cloud server. Cloud server provides a promising platform for storage of data. Each patient is promised the full control of his/her medical records and can share his/her health data with a wide range of users, including healthcare providers, family members or friends. The Patient’s only decide which set of users can access which set of files .To achieve fine-grained date access control for personal health records, use attribute based encryption to encrypt the data before outsourcing. This paper focuses on the multiple data owner scenario, and divides the users in the PHR system into multiple security domain that greatly reduces the key management complexity for owners and users. For multiple authority based access control mechanism, use Multi Authority Based Encryption (MA-ABE).

 

Published In : IJCAT Journal Volume 1, Issue 4

Date of Publication : 31 May 2014

Pages : 27 - 31

Figures : 02

Tables : --

Publication Link : Secure Sharing of PHR Using Attribute-Based Encryption

 

 

 

Shrikanth N G : received the BE degree in information Science in 2008 and MTech degree from VTU University in Computer Science and Engineering in 2012.He is an assistant professor in the Department of Computer Science and Engineering at Shree Devi Institute of Technology. His current research interests is on data base and networking.

Navya Ramesh P P : received the BE degree in Computer Science and Engineering from Kannur University in 2010. Now she is doing her MTech degree from VTU University in Computer Science and Engineering.

 

 

 

 

 

 

 

Personal health records

cloud computing

data privacy

fine-grained access control

attribute-based encryption

In this paper, we have designed the proposed framework for the attribute encryption based PHR sharing with authentication. The full control of the personal health record will be always held on the patient and the privacy is assured through the encryption. We use various attribute based encryption techniques to encrypt the PHR files. Thus the patient can allow access to users based on the attributes provided by the patient. The data attributes are defined for personal domain users and role attributes for the users in public domain. The patient can also revoke a user efficiently in this proposed scheme.

 

 

 

 

 

 

 

 

 

[1] V. Goyal, O. Pandey, A. Sahai, and B. Waters, “Attribute-based encryption for fine-grained access control of encrypted data,” in CCS '06, 2006, pp. 89–98

[2] H. Lo¨ hr, A.-R. Sadeghi, and M. Winandy, “Securing the E-Health Cloud,” Proc. First ACM Int’l Health Informatics Symp. (IHI ’10), pp. 220-229, 2010.

[3] M. Li, S. Yu, N. Cao, and W. Lou, “Authorized Private Keyword Search over Encrypted Personal Health Records in Cloud Computing,” Proc. 31st Int’l Conf. Distributed Computing Systems (ICDCS ’11), June 2011

[4] J. Benaloh, M. Chase, E. Horvitz, and K. Lauter, “Patient controlled encryption: ensuring privacy of electronic medical records,” in CCSW '09: Proceedings of the 2009 ACM workshop on Cloud computing security, 2009, pp. 103–114.

[5] S. Yu, C. Wang, K. Ren, and W. Lou, “Achieving secure, scalable, and fine-grained data access control in cloud computing,” in IEEE INFOCOM'10, 2010.

[6] S. Yu, C. Wang, K. Ren, and W. Lou, “Attribute Based Data Sharing with Attribute Revocation,” Proc. Fifth ACM Symp. Information, Computer and Comm. Security (ASIACCS ’10), 2010.

[7] K.D. Mandl, P. Szolovits, and I.S. Kohane, “Public Standards and Patients’ Control: How to Keep Electronic Medical Records Accessible but Private,” BMJ, vol. 322, no. 7281, pp. 283-287, Feb. 2001.

[8] J. Hur And D.K. Noh, “Attribute-Based Access Control With Efficient Revocation In Data Outsourcing Systems,” Ieee Trans. Parallel And Distributed Systems, Vol. 22, No. 7, Pp. 1214-1221, July 2011.

[9] X. Liang, R. Lu, X. Lin, and X. S. Shen, “Patient selfcontrollable access policy on phi in ehealthcare systems,” in AHIC 2010, 2010.

[10] J. Bethencourt, A. Sahai, and B. Waters,“Ciphertextpolicy attribute-based encryption,” in IEEE S& P ’07, 2007, pp. 321–334.

[11] M. Li, W. Lou, and K. Ren, “Data security and privacy in wireless body area networks,” IEEE Wireless Communications Magazine, Feb. 2010.

[12] L. Ibraimi, M. Petkovic, S. Nikova, P. Hartel, and W. Jonker, “Ciphertext-policy attribute-based threshold decryption with flexible delegation and revocation of user attributes,” 2009. [Online]. Available: http://purl.org/utwente/65471

[13] S. D. C. di Vimercati, S. Foresti, S. Jajodia, S. Paraboschi, and P. Samarati, “Overencryption: management of access control evolution on outsourced data,” in VLDB '07, 2007, pp. 123–13

[14] A. Boldyreva, V. Goyal, and V. Kumar, “Identity-based encryption with efficient revocation,” in CCS '08, 2008, pp. 417–426.

[15] “At Risk of Exposure - in the Push for Electronic Medical Records, Concern Is Growing About How Well Privacy Can Be Safeguarded,” http://articles.latimes.com/2006/jun/26/health/ heprivacy26, 2006.

 

 


All rights reserverd @ IJCAT Journal www.IJCAT.org