
Propose and Test a New Solution for Security and Privacy of Data Access in Medical Records Using Hybrid Cloud

Goal

Cloud computing has become an integral part of the health care industry. In recent years, the Electronic Health Record (EHR) in the cloud has become an emerging research topic in the area of cloud computing. As cloud computing has become more popular in the health care industry, some major security and privacy issues have arisen in accessing medical records from the hybrid cloud environment. Many approaches have been developed to mitigate these issues and are in practice, but most of them fall short in preserving security and privacy when sensitive medical data is accessed from a hybrid cloud. To overcome these problems, two efficient encryption methods are combined for fine-grained access control and protection of data privacy. Multi-authority and key-based encryption schemes are used to encrypt each part of the health records after those records are divided using the vertical partitioning method. The multi-authority encryption scheme is applied in Public Domains (PUDs) and the key-based encryption scheme is used in Personal Domains (PSDs), for secure data access and user authentication.

To assure the privacy and security of medical data access using a hybrid cloud, it is crucial to have a fine-grained access control method and an effective authentication scheme. Encryption methods are most suitable for the security of sensitive information. The Advanced Encryption Standard (AES) has proven proficient in protection, but its major drawback is in privacy protection and processing time (Aljafer, Malik, Alodib, & Rezgui, 2014).

The aim of this project is twofold:

1. Design an effective solution for privacy and security of medical record access in a hybrid cloud using multi-authority and key-based encryption schemes.
2. Ensure fine-grained access control of the medical record and reduce the encryption time.
Current System:

To assure the privacy and security of medical data access using a hybrid cloud, it is crucial to have a fine-grained access control method and an effective authentication scheme. Encryption methods are most suitable for the security of sensitive information. The Advanced Encryption Standard (AES) has proven proficient in protection, but its major drawback is in privacy protection and processing time (Aljafer, Malik, Alodib, & Rezgui, 2014). In addition, AES needs little computation time when processing a small amount of data, but as the size of the data grows, computation time increases rapidly (Aljafer, Malik, Alodib, & Rezgui, 2014). To solve these issues, a hybrid approach to encryption and multilayered authentication are used in this scheme.

Proposed System:

The key idea is to divide the system into multiple security domains, namely Public Domains (PUDs) and Personal Domains (PSDs), according to the different users' data access requirements. The PUDs consist of users who access data based on their professional roles, such as doctors, nurses, etc. In a PSD, the users are personally associated with a data owner and they access the EHR based on access rights assigned by the owner. Both types of domain use attribute-based encryption. In the PUD, the MA-ABE encryption scheme is used, in which there are multiple attribute authorities, each governing a disjoint subset of attributes. In the PSD, the KP-ABE encryption method is used to encrypt and manage the secret key and access policies. The user encrypts the identifiers in the electronic health file, such as explicit identifiers (EID) and quasi-identifiers (QID), using KP-ABE and then encrypts the role-based access policy using MA-ABE.

Algorithm:

Algorithm 1: Electronic Health Record (EHR) Encryption Algorithm.

INPUT:
Electronic Health Record File (D); D = {D1, D2, ..., Dn}.
Personal Domain Attribute Set (PSD); PSD = {Apsd1, Apsd2, ..., Apsdn}, where A is the attribute value of a personal recipient.
Public Domain Attribute Set (PUD); PUD = {Apud1, Apud2, ..., Apudn}.

OUTPUT:
Encrypted File (De); De = {De1, De2, ..., Den} with attributes of EID and QID.
Plaintext (Dp); Dp = {Dp1, Dp2, ..., Dpn} with attributes of medical information.
Anonymized table (Da); Da = {Da1, Da2, ..., Dan} with attributes of QID.

Initialization: The original Electronic Health Record (D), Quasi Identifiers (QID), Medical Information (MI), Explicit Identifiers (EID). Assign NULL to both Da and De.

BEGIN:
Step 1: Input D, PUD and PSD.
Step 2: Encrypt QID and EID by extracting them from D. For each i from 1 up to the end of the record, n, repeat Steps 3 to 8 until the end of the file is reached.
Step 3: For each Aj element of EID ∪ QID:
Step 4: Dei(Aj) = E(KP-ABE)[Di(Aj)] using the PSD attribute set. Dei(Ak) = E(MA-ABE)[Dk(Aj)] using the PUD attribute set.
Step 5: Extract MI from D and store it in Dp as plaintext. For each Aj element of MI, Dpi(Aj) = Di(Aj).
Step 6: Increment the value of i.
Step 7: Process the k-anonymization partition for extracting QID from D.
Step 8: For i from 1 up to the end of the record, repeat Step 10 until the end of the file is reached.
Step 9: For each Aj belonging to QID, Dai(Aj) = Range(Ek), where di belongs to Ek.
Step 10: Store the outputs Da, Dp and De separately in the hybrid cloud.
Step 11: END.

Algorithm 2: Merging and Fine-Grained Access Control of Electronic Health Record.

INPUT:
Plaintext (Dp); Dp = {Dp1, Dp2, ..., Dpn} with attributes of medical information.
Encrypted File De = {De1, De2, ..., Den} with attributes of EID and QID.
Anonymized table Da = {Da1, Da2, ..., Dan} with attributes of QID.
Personal Domain Attribute Set PSD = {Apsd1, Apsd2, ..., Apsdn}.
Public Domain Attribute Set PUD = {Apud1, Apud2, ..., Apudn}.

OUTPUT: Based on the attribute values and access policies of the recipient, this algorithm has one of the following two outputs:
Ds = {Ds1, Ds2, ..., Dsn} with all of the attributes in QID and MI,
OR
D = {D1, D2, ..., Dn} with all of the attributes of EID, QID and MI.

Step 1: Initialize D = NULL.
Step 2: Start. Verify the recipient access policy based on the key attribute.
// The following loop merges the identity information EID, QID and MID: first decrypt EID and QID, then merge with MID.
Step 3: IF the access key has the full option to access the original dataset, go to Step 4. Else go to Step 8.
Step 4: For each i from 1 up to the end of the record, repeat Steps 5 to 6.
Step 5: For each Aj belonging to EID ∪ QID, Di(Aj) = P[Dei(Aj)] // convert the encrypted files to plaintext
Step 6: For each Aj belonging to MI, Di(Aj) = Dpi(Aj).
Step 7: Display output D, go to Step 13.
Step 8: IF the access key has the option to access the anonymized dataset, go to Step 9. Else go to Step 13.
Step 9: For each i from 1 up to the end of the record, repeat Steps 10 to 11.
Step 10: For each Aj belonging to QID, Dsi(Aj) = Dai(Aj).
Step 11: For each Aj belonging to MI, Dsi(Aj) = Dpi(Aj).
Step 12: Display output Ds, go to Step 13.
Step 13: END.

Efficiency Based on the Encryption Time:

| EHR file type | EHR file size | Number of attributes | Encryption time (ms), proposed (MA-ABE – KP-ABE) hybrid solution | Encryption time (ms), current solution (Yang, J.J. (2015)) |
|---|---|---|---|---|
| .doc | 1 Mb | 30 | 1593 | 4126.8 |
| .txt | 5 Mb | 35 | 4403.4 | 18378.4 |
| .xlsx | 10 Mb | 40 | 5237.9 | 19671.9 |
| .xlsx | 20 Mb | 45 | 6994.7 | 21899.3 |
| .txt | 50 Mb | 50 | 8750.4 | 24470.7 |
| .txt | 70 Mb | 55 | 10506.5 | 27442.4 |
| .txt | 100 Mb | 60 | 12261.3 | 29906.6 |
| .txt | 150 Mb | 65 | 15752.9 | 35441.3 |
| .doc | 200 Mb | 70 | 17338.7 | 41198.9 |
| .doc | 250 Mb | 75 | 19093.5 | 46150.2 |
| .doc | 300 Mb | 80 | 21028.1 | 50423.8 |
| .doc | 350 Mb | 85 | 22717.6 | 55785.4 |
| .txt | 400 Mb | 90 | 24474.5 | 59653.2 |
| .txt | 450 Mb | 95 | 26230.2 | 64867.1 |
| .txt | 500 Mb | 100 | 28167.3 | 68247.2 |
| .txt | 550 Mb | 105 | 29852.5 | 73112.8 |
| .txt | 600 Mb | 110 | 31608.4 | 77599.5 |
| .doc | 650 Mb | 115 | 32962.8 | 85743.2 |
| .doc | 700 Mb | 120 | 35297.5 | 91870.5 |
| .doc | 750 Mb | 125 | 37904.7 | 95976.9 |

Here the proposed solution keeps a systematic increase in the encryption time based on the number of attributes and the data size, whereas in the current solution the encryption time increases rapidly as the file size increases.
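The non-cryptographic parts of Algorithms 1 and 2 above, as an added example that is not the author's code: vertical partitioning, generalizing each QID value to the range of its equivalence class, and the anonymized-access merge Ds = Da + Dp. The field names, sample rows, k = 3 and the sort-and-chunk grouping are assumptions, and the KP-ABE/MA-ABE encryption of the identifier partition is not performed here.

```python
# Added example: non-cryptographic parts of Algorithms 1 and 2.
# Field names, sample rows and the sort-and-chunk grouping are assumptions.
from collections import Counter

EID = ("name", "ssn")      # explicit identifiers
QID = ("age", "zip")       # quasi-identifiers
MI = ("diagnosis",)        # medical information

RECORDS = [  # constructed sample EHR rows
    {"name": "P1", "ssn": "000-00-0001", "age": 34, "zip": 12345, "diagnosis": "asthma"},
    {"name": "P2", "ssn": "000-00-0002", "age": 29, "zip": 12349, "diagnosis": "diabetes"},
    {"name": "P3", "ssn": "000-00-0003", "age": 41, "zip": 12360, "diagnosis": "asthma"},
    {"name": "P4", "ssn": "000-00-0004", "age": 52, "zip": 12377, "diagnosis": "flu"},
    {"name": "P5", "ssn": "000-00-0005", "age": 38, "zip": 12351, "diagnosis": "flu"},
    {"name": "P6", "ssn": "000-00-0006", "age": 47, "zip": 12362, "diagnosis": "angina"},
    {"name": "P7", "ssn": "000-00-0007", "age": 60, "zip": 12380, "diagnosis": "diabetes"},
]

def partition(records):
    """Algorithm 1: identifier columns (input to the ABE step, not done here) and Dp."""
    ident = [{a: r[a] for a in EID + QID} for r in records]
    dp = [{a: r[a] for a in MI} for r in records]
    return ident, dp

def anonymize(records, k):
    """Algorithm 1, steps 7-9: Da_i(A_j) = (min, max) of record i's equivalence class."""
    if len(records) < k:
        raise ValueError("fewer than k records: k-anonymity is impossible")
    order = sorted(range(len(records)), key=lambda i: tuple(records[i][a] for a in QID))
    groups = [order[i:i + k] for i in range(0, len(order), k)]
    if len(groups[-1]) < k:                 # a short tail would break k-anonymity
        groups[-2].extend(groups.pop())
    da = [None] * len(records)
    for g in groups:
        ranges = {a: (min(records[i][a] for i in g), max(records[i][a] for i in g)) for a in QID}
        for i in g:
            da[i] = dict(ranges)
    return da

def merge_anonymized(da, dp):
    """Algorithm 2, steps 9-11: Ds_i = QID ranges from Da_i plus MI from Dp_i."""
    return [{**a, **p} for a, p in zip(da, dp)]

def smallest_class(da):
    """Size of the smallest equivalence class; k-anonymity holds only if this is >= k."""
    return min(Counter(tuple(sorted(r.items())) for r in da).values())
```

Running `smallest_class` on Da before it is stored is a cheap check that no equivalence class fell below k.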
Computation time cost of current and proposed system.

In the current system the computation cost is based on the data merging operation and the decryption operation. In the current system the computation cost can be calculated using the formula:

Computation time cost = encryption time + data merging operation time.

In the proposed system the computation cost can be calculated based on the number of attributes in the ciphertext and the pairing operation, using the formula:

Computation cost = (number of attributes in ciphertext × pairing time) + key generation per user
Key generation = user's attributes given by access policy authority × exponentiation time.

| Ciphertext size | Current system | Proposed system |
|---|---|---|
| 1 Mb | 530.8 | 458 |
| 5 Mb | 1327 | 1116 |
| 10 Mb | 2654 | 2365 |
| 20 Mb | 4548 | 3471 |
| 50 Mb | 6635 | 5847 |
| 70 Mb | 8014 | 6952 |
| 100 Mb | 9410 | 8868 |
| 150 Mb | 12150 | 10984 |
| 200 Mb | 17185 | 16300 |
| 250 Mb | 19945 | 18416 |
| 300 Mb | 24020 | 22856 |
| 350 Mb | 29258 | 27948 |
| 400 Mb | 34894 | 33068 |
| 450 Mb | 39065 | 37865 |
| 500 Mb | 45253 | 43589 |
| 550 Mb | 49983 | 47329 |
| 600 Mb | 53986 | 52010 |
| 650 Mb | 59872 | 57827 |
| 700 Mb | 63894 | 62101 |
| 750 Mb | 70018 | 68989 |

Comparison table for current and proposed system according to the evaluation criteria.

| Criteria | Current System | Proposed System |
|---|---|---|
| Data confidentiality | Excellent | Excellent |
| Fine-grained access control | Low | Excellent |
| Scalability | Average | Good |
| User revocation | Low | Excellent |
| Collusion resistance | Low | Excellent |

Cryptographic attack time to break current system and proposed algorithm (days). For this purpose we use a standard setting such as an i7 processor, 8 GB RAM, 2 GB graphics and an SSD hard disk.
| Algorithm | File size | Ciphertext Only Attack (COA) | Known Plaintext Attack (KPA) | Chosen Plaintext Attack (CPA) | Dictionary Attack | Brute Force Attack (BFA) | Man in Middle Attack (MIM) | Side Channel Attack (SCA) | Key abuse attack | Quantum attack |
|---|---|---|---|---|---|---|---|---|---|---|
| Current Algorithm (AES) | 1 Mb | 15 | 22.5 | 18 | 90 | 180 | 0.15 | 135 | 86 | 50 |
| Proposed Algorithm (Multilevel MA-ABE and KP-ABE) | 1 Mb | 60 | 90 | 72 | 360 | 720 | 0.6 | 540 | 344 | 200 |
| Current Algorithm (AES) | 5 Mb | 75 | 37.5 | 45 | 90 | 180 | 0.25 | 210 | 129 | 250 |
| Proposed Algorithm (Multilevel MA-ABE and KP-ABE) | 5 Mb | 300 | 150 | 180 | 360 | 720 | 1 | 840 | 516 | 1000 |
| Current Algorithm (AES) | 10 Mb | 375 | 150 | 225 | 450 | 900 | 0.375 | 885 | 193.5 | 1250 |
| Proposed Algorithm (Multilevel MA-ABE and KP-ABE) | 10 Mb | 1500 | 600 | 900 | 1800 | 3600 | 1.5 | 3540 | 774 | 5000 |
| Current Algorithm (AES) | 20 Mb | 1875 | 750 | 1125 | 2250 | 450 | 0.562 | 4500 | 290.25 | 2605 |
| Proposed Algorithm (Multilevel MA-ABE and KP-ABE) | 20 Mb | 7500 | 3000 | 4500 | 9000 | 1800 | 2.25 | 18000 | 1161 | 10254 |
| Current Algorithm (AES) | 50 Mb | 9375 | 3750 | 5625 | 11250 | 2250 | 0.85 | 22500 | 505.03 | 3907.5 |
| Proposed Algorithm (Multilevel MA-ABE and KP-ABE) | 50 Mb | 37500 | 15000 | 22500 | 45000 | 9000 | 3.375 | 90000 | 2020.12 | 15630 |
| Current Algorithm (AES) | 70 Mb | 46875 | 18750 | 28125 | 56250 | 11250 | 1.3 | 112500 | 757.545 | 5861.25 |
| Proposed Algorithm (Multilevel MA-ABE and KP-ABE) | 70 Mb | 187500 | 75000 | 112500 | 225000 | 45000 | 5 | 450000 | 3030.18 | 23445 |
| Current Algorithm (AES) | 100 Mb | 70312.5 | 28125 | 42187.5 | 84375 | 16875 | 2 | 168750 | 1136.5 | 8791.5 |
| Proposed Algorithm (Multilevel MA-ABE and KP-ABE) | 100 Mb | 281250 | 112500 | 168750 | 337500 | 67500 | 8 | 675000 | 4546 | 35166 |
| Current Algorithm (AES) | 150 Mb | 105468.75 | 42187.5 | 71718.75 | 126562.5 | 25312.5 | 3 | 253125 | 1704.75 | 13187.25 |
| Proposed Algorithm (Multilevel MA-ABE and KP-ABE) | 150 Mb | 421875 | 168750 | 286875 | 506250 | 101250 | 12 | 1012500 | 6819 | 52749 |
| Current Algorithm (AES) | 200 Mb | 158203.1 | 63281.25 | 107578.1 | 189843.8 | 37968.75 | 4.5 | 379687.5 | 2557.125 | 19780.88 |
| Proposed Algorithm (Multilevel MA-ABE and KP-ABE) | 200 Mb | 553710.9 | 221484.4 | 376523.4 | 664453.1 | 132890.6 | 15.75 | 1328906 | 8949.938 | 69233.06 |
| Current Algorithm (AES) | 250 Mb | 237304.7 | 94921.88 | 161367.2 | 284765.6 | 56953.13 | 6.75 | 569531.3 | 3835.688 | 29671.31 |
| Proposed Algorithm (Multilevel MA-ABE and KP-ABE) | 250 Mb | 854296.9 | 341718.8 | 580921.9 | 1025156 | 205031.3 | 24.3 | 2050313 | 13808.48 | 106816.7 |
| Current Algorithm (AES) | 300 Mb | 355957 | 142382.8 | 242050.8 | 427148.4 | 85429.69 | 10.125 | 854296.9 | 5753.531 | 44506.97 |
| Proposed Algorithm (Multilevel MA-ABE and KP-ABE) | 300 Mb | 1317041 | 526816.4 | 895587.9 | 1580449 | 316089.8 | 37.4625 | 3160898 | 21288.07 | 164675.8 |
| Current Algorithm (AES) | 350 Mb | 533935.5 | 213574.2 | 363076.2 | 640722.7 | 128144.5 | 15.1875 | 1281445 | 8630.297 | 66760.45 |
| Proposed Algorithm (Multilevel MA-ABE and KP-ABE) | 350 Mb | 1975562 | 790224.6 | 1343382 | 2370674 | 474134.8 | 56.19375 | 4741348 | 31932.1 | 247013.7 |
| Current Algorithm (AES) | 400 Mb | 800903.3 | 320361.3 | 544614.3 | 961084 | 192216.8 | 22.78125 | 1922168 | 12945.45 | 100140.7 |
| Proposed Algorithm (Multilevel MA-ABE and KP-ABE) | 400 Mb | 3043433 | 1217373 | 2069534 | 3652119 | 730423.8 | 86.56875 | 7304238 | 49192.69 | 380534.6 |
| Current Algorithm (AES) | 450 Mb | 1281445 | 512578.1 | 871382.8 | 1537734 | 307546.9 | 36.45 | 3075469 | 20712.71 | 160225.1 |
| Proposed Algorithm (Multilevel MA-ABE and KP-ABE) | 450 Mb | 4997637 | 1999055 | 3398393 | 5997164 | 1199433 | 142.155 | 11994328 | 80779.58 | 624877.8 |
| Current Algorithm (AES) | 500 Mb | 1794023 | 717609.4 | 1219936 | 2152828 | 430565.6 | 51.03 | 4305656 | 28997.8 | 224315.1 |
| Proposed Algorithm (Multilevel MA-ABE and KP-ABE) | 500 Mb | 7176094 | 2870438 | 4879744 | 8611313 | 1722263 | 204.12 | 17222625 | 115991.2 | 897260.5 |
| Current Algorithm (AES) | 550 Mb | 2511633 | 1004653 | 1707910 | 3013959 | 602791.9 | 71.442 | 6027919 | 40596.92 | 314041.2 |
| Proposed Algorithm (Multilevel MA-ABE and KP-ABE) | 550 Mb | 10046531 | 4018613 | 6831641 | 12055838 | 2411168 | 285.768 | 24111675 | 162387.7 | 1256165 |
| Current Algorithm (AES) | 600 Mb | 3516286 | 1406514 | 2391074 | 4219543 | 843908.6 | 100.0188 | 8439086 | 56835.68 | 439657.6 |
| Proposed Algorithm (Multilevel MA-ABE and KP-ABE) | 600 Mb | 14065144 | 5626058 | 9564298 | 16878173 | 3375635 | 400.0752 | 33756345 | 227342.7 | 1758631 |
| Current Algorithm (AES) | 650 Mb | 4571172 | 1828469 | 3108397 | 5485406 | 1097081 | 130.0244 | 10970812 | 73886.39 | 571554.9 |
| Proposed Algorithm (Multilevel MA-ABE and KP-ABE) | 650 Mb | 18284687 | 7313875 | 12433587 | 21941624 | 4388325 | 520.0978 | 43883249 | 295545.6 | 2286220 |
| Current Algorithm (AES) | 700 Mb | 6856758 | 2742703 | 4662595 | 8228109 | 1645622 | 195.0367 | 16456218 | 110829.6 | 857332.4 |
| Proposed Algorithm (Multilevel MA-ABE and KP-ABE) | 700 Mb | 27427030 | 10970812 | 18650381 | 32912436 | 6582487 | 780.1466 | 65824873 | 443318.3 | 3429330 |
| Current Algorithm (AES) | 750 Mb | 8228109 | 3291244 | 5595114 | 9873731 | 1974746 | 234.044 | 19747462 | 132995.5 | 1028799 |
| Proposed Algorithm (Multilevel MA-ABE and KP-ABE) | 750 Mb | 32089625 | 12835850 | 21820945 | 38507551 | 7701510 | 912.7716 | 77015101 | 518682.4 | 4012316 |

From the above table, I analyze the different attack crack times of my proposed system. In the proposed system the enhanced MA-ABE scheme guarantees data confidentiality by proving the enhanced MA-ABE scheme to be secure under the attribute-based selective-set model. It provides data confidentiality of the EHR against unauthorized users and the curious cloud service provider, while maintaining collusion resistance against users up to N-2 AAs.
