Securing Public Health Records in Cloud Computing Patient Centric And Fine

Grained Data Access Control in Multi Owner Settings
CHAPTER 1
ABSTRACT
Personal health record (PHR is an emerging patient!centric model o" health in"ormation
e#change$ which is o"ten outsourced to be stored at a third part%$ such as cloud pro&iders'
Howe&er$ there ha&e been wide pri&ac% concerns as personal health in"ormation could be
e#posed to those third part% ser&ers and to unauthori(ed parties' )o assure the patients* control
o&er access to their own PHRs$ it is a promising method to encr%pt the PHRs be"ore outsourcing'
+et$ issues such as ris,s o" pri&ac% e#posure$ scalabilit% in ,e% management$ "le#ible access and
e""icient user re&ocation$ ha&e remained the most important challenges toward achie&ing "ine!
grained$ cr%ptographicall% en"orced data access control' -n this paper$ we propose a no&el
patient!centric "ramewor, and a suite o" mechanisms "or data access control to PHRs stored in
semi!trusted ser&ers' )o achie&e "ine!grained and scalable data access control "or PHRs$ we
le&erage ad&anced encr%ption standard (A.S techni/ues to encr%pt each patient*s PHR "ile'
Di""erent "rom pre&ious wor,s in secure data outsourcing$ we "ocus on the multiple data owner
scenario$ and di&ide the users in the PHR s%stem into multiple securit% domains that greatl%
reduces the ,e% management comple#it% "or owners and users' A high degree o" patient pri&ac%
is guaranteed simultaneousl% b% e#ploiting multi!authorit% A0.' Our scheme also enables
d%namic modi"ication o" access policies or "ile attributes$ supports e""icient on!demand
user1attribute re&ocation and brea,!glass access under emergenc% scenarios' .#tensi&e anal%tical
and e#perimental results are presented which show the securit%$ scalabilit% and e""icienc% o" our
proposed scheme
Department of Computer Science and Engineering
PDACE, Gulbarga Page 1
Securing Public Health Records in Cloud Computing Patient Centric And Fine
Grained Data Access Control in Multi Owner Settings
INTRODUCTION
-n recent %ears$ personal health record (PHR has emerged as a patient!centric model o" health
in"ormation e#change' A PHR ser&ice allows a patient to create manage$ and control her personal
health data in a centrali(ed place through the web$ "rom an%where and at an% time (as long as
the% ha&e a web browser and -nternet connection$ which has made the storage$ retrie&al$ and
sharing o" the medical in"ormation more e""icient' .speciall%$ each patient has the "ull control o"
his1her medical records and can e""ecti&el% share his1her health data with a wide range o" users$
including sta""s "rom health!care pro&iders$ and their "amil% members or "riends' -n this wa%$ the
accurac% and /ualit% o" care are impro&ed while the health!care cost is lowered' At the same
time$ cloud computing has attracted a lot o" attention because it pro&ides Storage!as!a!Ser&ice
and So"tware!as!a!Ser&ice$ b% which so"tware ser&ice pro&iders can en2o% the &irtuall% in"inite
and elastic storage and computing resources' As such$ the PHR pro&iders are more and more
willing to shi"t their PHR storage and application ser&ices into the cloud instead o" building
speciali(ed data centers$ in order to lower their operational cost' For e#ample$ two ma2or cloud
plat"orm pro&iders$ Google and Microso"t are both pro&iding their PHR ser&ices$ Google Health
and Microso"t Health 3ault$ respecti&el%' 4hile it is e#citing to ha&e PHR ser&ices in the cloud
"or e&er%one$ there are man% securit% and pri&ac% ris,s which could impede its wide adoption'
)he main concern is about the pri&ac% o" patients* personal health data and which could gain
access to the PHRs when the% are stored in a cloud ser&er' Since patients lose ph%sical control to
their own personal health data$ directl% placing those sensiti&e data under the control o" the
ser&ers cannot pro&ide strong pri&ac% assurance at all' First$ the PHR data could be lea,ed i" an
insider in the cloud pro&ider*s organi(ation misbeha&es due to the high &alue o" the sensiti&e
personal health in"ormation (PH-' A "amous incident$ a Department o" 3eterans A""airs database
containing sensiti&e PH- o56'7 million militar% &eterans$ including their social securit% numbers
and health problems was stolen b% an emplo%ee who too, the data home without authori(ation
859' Second$ since cloud computing is an open plat"orm$ the ser&ers are sub2ected to malicious
outside attac,s' For e#ample$ Google has reported attac,s to its Gmail accounts in earl% 5:;:'
Although there e#ist administrati&e regulations such as the Health -nsurance Portabilit% and
Accountabilit% Act o" ;<<6 (H-PAA 8=9$ technical protections that e""ecti&el% ensure the
con"identialit% o" and proper access PHR are still indispensable'
Department of Computer Science and Engineering
PDACE, Gulbarga Page 2
Securing Public Health Records in Cloud Computing Patient Centric And Fine
Grained Data Access Control in Multi Owner Settings
1.1 Cloud computing Basic
4hat is Cloud Computing>
Cloud computing is -nternet based de&elopment and use o" computer technolog%' Cloud
computing is the practice o" using a networ, o" remote ser&ers hosted on the -nternet to store$
manage$ and process data$ rather than a local ser&er or a personal computer' -n concept$ -t is a
conceptual paradigm shi"t whereb% details are abstracted "rom the user who no longer need
,nowledge o"$ e#pertise in$ or control o&er the technolog% in"rastructure ?in the cloud? that
supports them' -t t%picall% in&ol&es the pro&ision o" d%namicall% scalable and o"ten &irtuali(ed
resources as a ser&ice o&er the -nternet' )he term cloud is used as a metaphor "or the -nternet$
based on how the -nternet is depicted in computer networ, diagrams and is an abstraction o" the
underl%ing in"rastructure it conceals' )%pical cloud computing ser&ices pro&ide common
business applications on line that are accessed "rom a web browser$ while the so"tware and data
are stored on the ser&ers'
)hese ser&ices are broadl% di&ided into three categories@
i' -n"rastructure as a Ser&ice (-aaS
ii' Plat"orm as a Ser&ice (PaaS$ and
iii' So"tware as a Ser&ice (SaaS
)he name cloud computing was inspired b% the cloud s%mbol that is o"ten used to represent the
-nternet in "low charts and diagrams'
?Cloud Computing? re"ers to the use o" -nternet based computer technolog% "or a &ariet% o"
ser&ices' -t is a st%le o" computing in which d%namicall% scalable and o"ten &irtuali(ed resources
are pro&ided as a ser&ice o&er the -nternet on a pa%!"or!use basis$ at a "raction o" the cost o"
pro&isioning a traditional Data Center based solution' All the costs associated with setting up a
data center such as procuring a building$ hardware$ redundant power suppl%$ cooling s%stems$
upgrading electrical suppl%$ and maintaining a separate Disaster Reco&er% site can be passed on
to a third part% &endor' Since the customer is charged onl% "or computer ser&ices used$ cloud
computing costs are a "raction o" traditional technolog% e#penditures
Department of Computer Science and Engineering
PDACE, Gulbarga Page 3
Securing Public Health Records in Cloud Computing Patient Centric And Fine
Grained Data Access Control in Multi Owner Settings
Infastuctu! as a s!"ic! #IaaS$%
-n the most basic cloud!ser&ice model$ pro&iders o" -aaS o""er computers ! ph%sical or
(more o"ten &irtual machines ! and other resources' (A h%per&isor$ such as Aen or B3M$ runs
the &irtual machines as guests' Pools o" h%per&isors within the cloud operational support!s%stem
can support large numbers o" &irtual machines and the abilit% to scale ser&ices up and down
according to customersC &ar%ing re/uirements' -aaS clouds o"ten o""er additional resources such
as a &irtual!machine dis, image librar%$ raw (bloc, and "ile!based storage$ "irewalls$ load
balancers$ -P addresses$ &irtual local area networ,s (3DAEs$ and so"tware bundles' -aaS!cloud
pro&iders suppl% these resources on!demand "rom their large pools installed in data centers' For
wide!area connecti&it%$ customers can use either the -nternet or carrier clouds (dedicated &irtual
pri&ate networ,s'
)o deplo% their applications$ cloud users install operating!s%stem images and their
application so"tware on the cloud in"rastructure' -n this model$ the cloud user patches and
maintains the operating s%stems and the application so"tware' Cloud pro&iders t%picall% bill -aaS
ser&ices on a utilit% computing basis cost re"lects the amount o" resources allocated and
consumed'
.#amples o" -aaS pro&iders include@ Ama(on .C5$ A(ure Ser&ices Plat"orm'
Department of Computer Science and Engineering
PDACE, Gulbarga Page 4
Securing Public Health Records in Cloud Computing Patient Centric And Fine
Grained Data Access Control in Multi Owner Settings
Platfom as a s!"ic! #PaaS$%
-n the PaaS model$ cloud pro&iders deli&er a computing plat"orm t%picall% including
operating s%stem$ programming language e#ecution en&ironment$ database$ and web ser&er'
Application de&elopers can de&elop and run their so"tware solutions on a cloud plat"orm without
the cost and comple#it% o" bu%ing and managing the underl%ing hardware and so"tware la%ers'
4ith some PaaS o""ers$ the underl%ing computer and storage resources scale automaticall% to
match application demand such that cloud user does not ha&e to allocate resources manuall%'
.#amples o" PaaS include@ Cloud Foundr%$ OpenShi"t$ Google App .ngine$ 4indows A(ure
Cloud Ser&ices'
Soft&a! as a s!"ic! #SaaS$%
-n the SaaS model$ cloud pro&iders install and operate application so"tware in the cloud
and cloud users access the so"tware "rom cloud clients' Cloud users do not manage the cloud
in"rastructure and plat"orm where the application runs' )his eliminates the need to install and run
the application on the cloud userCs own computers$ which simpli"ies maintenance and support'
Cloud applications are di""erent "rom other applications in their scalabilit%Fwhich can be
achie&ed b% cloning tas,s onto multiple &irtual machines at run!time to meet changing wor,
demand' Doad balancers distribute the wor, o&er the set o" &irtual machines' )his process is
transparent to the cloud user$ who sees onl% a single access point'
)o accommodate a large number o" cloud users$ cloud applications can be multitenant$
that is$ an% machine ser&es more than one cloud user organi(ation' -t is common to re"er to
special t%pes o" cloud based application so"tware with a similar naming con&ention@ des,top as a
ser&ice$ business process as a ser&ice$ test en&ironment as a ser&ice$ communication as a ser&ice'
)he pricing model "or SaaS applications is t%picall% a monthl% or %earl% "lat "ee per user$ so
price is scalable and ad2ustable i" users are added or remo&ed at an% point'
.#amples o" SaaS include@ Google Apps$ Microso"t O""ice =67$ Onli&e$ G) Ee#us'
Cloud cli!nts%
Gsers access cloud computing using networ,ed client de&ices$ such as des,top
computers$ laptops$ tablets and smart phones' Some o" these de&ices ! cloud clients ! rel% on
cloud computing "or all or a ma2orit% o" their applications so as to be essentiall% useless without
it' .#amples are thin clients and the browser!based Chrome boo,' Man% cloud applications do
Department of Computer Science and Engineering
PDACE, Gulbarga Page 5
Securing Public Health Records in Cloud Computing Patient Centric And Fine
Grained Data Access Control in Multi Owner Settings
not re/uire speci"ic so"tware on the client and instead use a web browser to interact with the
cloud application' 4ith A2a# and H)MD7 these 4eb user inter"aces can achie&e a similar or
e&en better loo, and "eel as nati&e applications' Some cloud applications$ howe&er$ support
speci"ic client so"tware dedicated to these applications (e'g'$ &irtual des,top clients and most
email clients' Some legac% applications (line o" business applications that until now ha&e been
pre&alent in thin client 4indows computing are deli&ered &ia a screen!sharing technolog%'
1.' O()!cti"!
)he main ob2ecti&e o" the proposed s%stem is to pro&ide secure patient!centric PHR access and
e""icient ,e% management at the same time' )he ,e% idea is to di&ide the s%stem into multiple
securit% domains (namel%$ public Cloud and pri&ate Cloud according to the di""erent users* data
access re/uirements'
Distributed encr%ption and access polic% change
Role based access o" data
1.3 Scop! of t*! Stud+
)he proposed wor, will allow us to achie&e the goals in the di""erent scenarios li,e$ Hospital
Management$ Health Care 4ebsite$ Eational health data center$ an% time access o" medical data
Pri&ac% protection o" patients
1., E-isting S+st!m
-n the e#isting s%stem$ PHR model has multiple owners (patients who ma% encr%pt their records
according to their own wa%s' 0% using di""erent sets o" cr%ptographic ,e%s each user obtains
,e%s "rom e&er% owner who*s PHR has to be read would limit the accessibilit% since the patients
are not alwa%s online'
Another method is central authorit% to do the ,e% management on behal" o" all PHR owners
(patients$ this re/uires too much trust on single authorit%'
Disad"antag!s
Department of Computer Science and Engineering
PDACE, Gulbarga Page
Securing Public Health Records in Cloud Computing Patient Centric And Fine
Grained Data Access Control in Multi Owner Settings
;' )here ha&e been wide pri&ac% concerns as personal health in"ormation could be e#posed
to those third part% ser&ers and to unauthori(ed parties'
5' Eon!a&ailabilit% o" authori(ation "or the accessibilit% o" health records which leads to an
insecure data manipulation
1.. Popos!d S+st!m
A secured "ramewor, "or patient!centric in"ormation and a suite o" mechanisms "or data access
control to PHRs has been proposed' )o achie&e "ine!grained and scalable data access control "or
PHRs$ we le&erage ad&anced encr%ption standard (A.S techni/ues to encr%pt each patient*s
PHR "ile and use the securit% polic% to allow the access o" the data'
Ad"antag!s fo Popos!d S+st!m
)he proposed s%stem has the "ollowing ad&antages
 Pro&ides higher le&el Data con"identialit%
 On!demand re&ocation
 4rite access control
 Scalabilit% and usabilit%
 )o pro&ide user "riendl% en&ironment
 )o pro&ide eas% and "aster access in"ormation
 Huic,l% "ind out in"ormation o" patient details
 -t pro&ides an eas% plat"orm "or medical data sharing between healthcare and patient'
Applications
 Hospital Management
 Health Care 4ebsite
 Eational health data center
 An% time access o" medical data
 Pri&ac% protection o" patients
Department of Computer Science and Engineering
PDACE, Gulbarga Page !
Securing Public Health Records in Cloud Computing Patient Centric And Fine
Grained Data Access Control in Multi Owner Settings
1./ 0it!atu! su"!+
112 3u4 S.4 5ang4 C.4 R!n4 6.4 0ou4 5.% Ac*i!"ing s!cu!4 scala(l!4 and fin!7gain!d data
acc!ss contol in cloud computing. In% IEEE IN8OCO9 ':1: #':1:$
An e#tensi&e literature sur&e% is conducted to in&estigate the &arious approaches "or managing
the patient records' )o ,eep sensiti&e user data con"idential against un!trusted ser&ers$ e#isting
solutions usuall% appl% cr%ptographic methods b% disclosing data decr%ption ,e%s onl% to
Authori(ed users' -n order to achie&e secure scalable and "ine grained data access control in
Cloud Computing authors used the combination o" di""erent t%pes o" algorithms &i('$ Attribute
0ased .ncr%ption (A0.$ pro#% re!encr%ption$ and la(% re!encr%ption'
1'2 0iang4 ;.4 0u4 R.4 0in4 ;.4 S*!n4 ;.S.% Cip*! t!-t polic+ atti(ut! (as!d !nc+ption &it*
!ffici!nt !"ocation. T!c*nical R!pot4 Uni"!sit+ of 5at!loo #':1:$
A cipher te#t polic% attribute based encr%ption scheme with e""icient re&ocation$ construction
uses linear secret sharing and binar% techni/ues as underl%ing tools are used$ each user is
assigned a uni/ue identi"ier$ there"ore user can be easil% re&o,ed b% using his1her uni/ue
identi"ier'
1<2 C*as!4 9.4 C*o&4 S.S.% Impo"ing pi"ac+ and s!cuit+ in multi7aut*oit+ atti(ut!
(as!d !nc+ption. In% CCS '::=4 pp. 1'1>1<: #'::=$
Multi!authorit% A0. scheme speci"ies that multiple attribute!authorities monitor di""erent sets o"
attributes and issue corresponding decr%ption ,e%s to users$ and encr%ptors re/uires that a user
obtain ,e%s "or appropriate attributes "rom each authorit% be"ore decr%pting a message' Chase M'
et al'$ gi&en a solution which remo&es the trusted central authorit%$ and protects the users*
pri&ac%'
Department of Computer Science and Engineering
PDACE, Gulbarga Page "
Securing Public Health Records in Cloud Computing Patient Centric And Fine
Grained Data Access Control in Multi Owner Settings
1,2 B!nalo*4 ?.4 C*as!4 9.4 Ho"it@4 E.4 0aut!4 6.% Pati!nt contoll!d !nc+ption% !nsuing
pi"ac+ of !l!ctonic m!dical !cods. In% CCS5 '::=% Poc!!dings of t*! '::= AC9
&oAs*op on Cloud computing s!cuit+4 pp. 1:<>11, #'::=$
)he challenges o" preser&ing patients* pri&ac% in electronic health record s%stems$ securit% in the
s%stems should be en"orced &ia encr%ption as well as access control' Furthermore we argue "or
approaches that enable patients to generate and store encr%ption ,e%s$ so that the patients*
pri&ac% is protected should the host data center 0e compromised'
1.2 I(aimi4 0.4 Asim4 9.4 P!tAo"ic4 9.% S!cu! manag!m!nt of p!sonal *!alt* !cods (+
appl+ing atti(ut!7(as!d !nc+ption. T!c*nical R!pot4 Uni"!sit+ of T&!nt! #'::=$
A new &ariant o" a cipher te#t!polic% proposed b% Daun -braim et' al'$ comprises attributeIbased
encr%ption scheme to en"orce patient1organi(ational access control policies such that e&er%one
can download the encr%pted data but onl% authori(ed users "rom the social domain (e'g' "amil%$
"riends$ or "ellow patients or authori(ed users "rom the pro"essionals domain (e'g' doctors or
nurses are allowed to decr%pt it' )he con"identl% o" personal health records is a ma2or problem
when patients use commercial web!based s%stems to store their health data' )raditional access
control mechanisms$ such as Role!0ased Access control'
1/2 Bold+!"a4 A.4 Bo+al4 C.4 6uma4 C.% Id!ntit+7(as!d !nc+ption &it* !ffici!nt !"ocation.
In% CCS '::D4 pp. ,1E>,'/ #'::D$
)he Fu((% -0. primiti&e and binar% tree data structure$ and is pro&abl% secure' An -dentit%!
0ased encr%ption (-0. is an e#citing alternati&e to public ,e% encr%ption' As -0. eliminates the
need "or a public ,e% in"rastructure (PB-$ the senders using an -0. do not need to loo, up the
public ,e%s and the corresponding certi"icates o" the recei&ers'
Department of Computer Science and Engineering
PDACE, Gulbarga Page #
Securing Public Health Records in Cloud Computing Patient Centric And Fine
Grained Data Access Control in Multi Owner Settings
1E2 Atalla*4 9.?.4 8iAA!n4 6.B.4 Blanton4 9.% D+namic and !ffici!nt A!+ manag!m!nt fo
acc!ss *i!ac*i!s. In% CCS '::.4 pp. 1=:>':' #'::.$
the problem o" ,e% management in an access hierarch% has elicited much interest in the
literature' the hierarch% is modeled as a set o" partiall% ordered classes(represented as a directed
graph$ and a user who obtains access(i'e'$ a ,e% to a certain class can also obtain access to all
descendent classes o" her class through ,e% deri&ation' our solution to the abo&e problem has the
"ollowing properties@ (-ndiaonl% hash "unctions are used "or a node to deri&e a descendant* ,e%
"rom its own ,e%J (ii the space comple#it% o" the public in"ormation is the same as that o"
storing the hierarch%'
1D2Pi"ac+ p!s!"ing HER S+st!m Using Atti(ut! 7(as!d infastuctu!
S*i"aamaAis*na Naa+an 4 9atin Bagn!
-n the paper$ Author e#plore techni/ues which guarantees securit% and pri&ac% o" Medical data
stored in the cloud' 4e show how new primiti&es in attribute Ibased Cr%ptograph can be used o
construct a secure and pri&ac%!preser&ing H.R s%stems that .nables patients to share their data
among healthcare pro&iders in a "le#ible$ d%namic and Scalable manner'
1=2 Aut*oi@!d Pi"at! 6!+&od S!ac* O"! Enc+pt!d Data in Cloud Computing
9ing 0i 4 S*uc*!ng 3u4 Ning cao and 5!n)ing 0ou
-n this paper $using online Personal Health Record (PHR as a case stud%$ we "irst show )he
necessit% o" search capabilit% authori(ed that reduces the pri&ac% e#posure Resulting "rom the
search results$ and establish a scalable "ramewor, "or Authori(ed Pri&ate Be%word Search
(APBS o&er encr%pted cloud data' 4e then propose to no&el Solutions "or APBS based on a
recent cr%ptographic primiti&e$ Hierarchical Predicate .ncr%ption (HP.' Our solutions enable
e""icient multi!dimensional ,e%word searches 4ith range /uer%$ allow delegation and re&ocation
o" search capabilities 'More o&er$ we .nhance the /uer% pri&ac% which hides users* /uer%
,e%words against the ser&er' 4e -mplement our scheme on a modern wor,station$ and
e#perimental results demonstrate its Suitabilit% "or practical usage'
Department of Computer Science and Engineering
PDACE, Gulbarga Page 1$
Securing Public Health Records in Cloud Computing Patient Centric And Fine
Grained Data Access Control in Multi Owner Settings
11:2 Aut*oi@!d Pi"at! 6!+&od S!ac* O"! Enc+pt!d P!sonal H!alt* R!cods in
Cloud Computing
9ing 0iF4 S*uc*!ng 3u+4 Ning CaoF
-n this paper $ Author "ormulate and address the problem o" authori(ed pri&ate ,e%word
Searches (APBS on encr%pted PHR in cloud computing en&ironment ' we "irst present a
Scalable an "ine!grained authori(ed "rame wor, "or searching on encr%pted PHR$ where users
Obtain /uer% capabilities "rom locali(ed trusted authorities according to their attributes $ 4hich
is highl% scalable with the user scale o" the s%stem' )hen we propose two no&els solutions For
APBS based on a recent cr%ptographic primiti&e$ hierarchical predicate encr%ption (HP.$ one
with enhanced e""icienc% and the other with enhanced /uer% pri&ac%' -n addition to document
pri&ac% and /uer% pri&ac%$ other salient "eatures o" our schemes include@ e""icientl% support
multi!dimensional$ multiple Be%word searches with simple range /uer% $allow delegation and
re&ocation o" search capabilities' 4e implement our scheme on a modern wor,station$
e#perimental results demonstrate its suitabilit% "or practical usage'
CHAPTER '
Department of Computer Science and Engineering
PDACE, Gulbarga Page 11
Securing Public Health Records in Cloud Computing Patient Centric And Fine
Grained Data Access Control in Multi Owner Settings
'.1 9odul!s
)he "ollowing three modules are
;' PHR Owner1 patient module
5' Data con"identialit% module
=' Cloud Ser&er module
1 PHR O&n!Gpati!nt modul!% )he main goal o" this module is to pro&ide secure patient!
centric PHR access and e""icient ,e% management at the same time' )he ,e% idea is to di&ide the
s%stem into multiple securit% domains (namel% public clouds and pri&ate clouds according to the
di""erent users* data access re/uirements'
PHR ser&ice pro&iders encr%pt patients* data$ PHR ser&ices should gi&e patients (PHR owners
"ull control o&er the selecti&e sharing o" their own PHR data'

' Data Confid!ntialit+ modul!% )he owners upload encr%pted PHR "iles to the ser&er' .ach
owner*s PHR "ile is encr%pted both under a certain "ine grained and role!based access polic% "or
users "rom the public clouds to access and under a selected set o" data attributes that allows
access "rom users in the pri&ate clouds' Onl% authori(ed users can decr%pt the PHR "iles'

< Cloud s!"! modul!% )he main "unction o" cloud ser&er is to create an inter"ace between the
application and users' )he authentication o" the user name and password is carried out' -" user is
authentic then he1she gets access to his1her records'
CHAPTER <
Department of Computer Science and Engineering
PDACE, Gulbarga Page 12
Securing Public Health Records in Cloud Computing Patient Centric And Fine
Grained Data Access Control in Multi Owner Settings
<.1 Ac*it!ctu!
Fig =';' S%stem Architecture
<.' Algoit*m Us!d
Ad&anced .ncr%ption Standard (A.S is a s%mmetric bloc, cipher which uses the same ,e%
"or both encr%ption and decr%ption' )he algorithm allows a &ariet% o" bloc, and ,e% si(es$ and
not 2ust the 6K and 76 bits o" D.S bloc, and ,e% si(es$ the bloc, and ,e% si(e can be chosen
"rom ;5L$ ;6:$ ;<5$ 55K$ 576 bitsM )he A.S standard states that the algorithm can onl% accept a
bloc, si(e o" ;5L bits and a choice o" three ,e%s ;5L$ ;<5$ 576 bits'
For encr%ption the number o" rounds depends on the chosen ,e% length' )he ,e% length ;5L bits
uses ;: round$ the ,e% length ;<5 bits uses ;5 round$ the ,e% length 576 bits uses ;K rounds'
Enc+ption@
.ach round consist o" "ollowing K stages
Department of Computer Science and Engineering
PDACE, Gulbarga Page 13
Securing Public Health Records in Cloud Computing Patient Centric And Fine
Grained Data Access Control in Multi Owner Settings
;' Substitution 0%tes
5' Shi"t Rows
=' Mi# columns
K' Add Round Be%
D!c+ption@
.ach round consists o" the "ollowing "our stages
;' -n&erse Shi"t rows
5' -n&erse Substitute b%tes
=' -n&erse Add Round Be%
K' -n&erse Mi# Columns
Step;@ )he substitute b%tes stage uses an s!bo# to per"orm a b%te!b%!b%te substitution o" the
bloc,$ there is a single L!bit wide s!bo# used on e&er% b%te$ this s!bo# is permutation o" all 576
L!bits &alues'
Step 5@ )he shi"t rows stage pro&ides a simple permutation o" the data$ -t per"orms the shi"ting
the rows o" the state arra% during "orward process$ circular rotate on each row o" :$;$5 and =
places "or respecti&e rows
Step =@ : Operates on each column individually, each byte is replaced by a value
dependent on all 4 bytes in the column
it per"orms the mi#ing up o" the b%tes in each column separatel%'
Step K@ )he add round ,e% stage which is simple bitwise AOR o" the current bloc, with a portion
o" the e#panded ,e%$
CHAPTER ,
Department of Computer Science and Engineering
PDACE, Gulbarga Page 14
Securing Public Health Records in Cloud Computing Patient Centric And Fine
Grained Data Access Control in Multi Owner Settings
REHUIRE9ENTS ENBINEERINB
,.1 Had&a! R!Iui!m!nts
)he hardware re/uirements ma% ser&e as the basis "or a contract "or the implementation
o" the s%stem and should there"ore be a complete and consistent speci"ication o" the whole
s%stem' )he% are used b% so"tware engineers as the starting point "or the s%stem design' -t should
what the s%stem do and not how it should be implemented'
Processor !Pentium I---
Speed ! ;'; Gh(
RAM ! 576 M0(min
,.' Soft&a! R!Iui!m!nts
Operating S%stem @ 4indows<71<L15:::1AP
Plat"orm@ @net
Danguage @ CN 1ASP' Eet
Database @ Cloud Ser&er
,.< 8unctional R!Iui!m!nts
A "unctional re/uirement de"ines a "unction o" a so"tware!s%stem or its component' A
"unction is described as a set o" inputs$ the beha&ior$ and outputs' )he proposed s%stem is
achie&ed b% creating a search engine which ma% decrease the searching time o" the user in the
semantic web and can able to gi&e a accurate result to the user'
CHAPTER .
Department of Computer Science and Engineering
PDACE, Gulbarga Page 15
Securing Public Health Records in Cloud Computing Patient Centric And Fine
Grained Data Access Control in Multi Owner Settings
DESIBN ENBINEERINB
..1 B!n!al
Design .ngineering deals with the &arious GMD 8Gni"ied Modeling language9 diagrams
"or the implementation o" pro2ect' Design is a meaning"ul engineering representation o" a thing
that is to be built' So"tware design is a process through which the re/uirements are translated into
representation o" the so"tware' Design is the place where /ualit% is rendered in so"tware
engineering' Design is the means to accuratel% translate customer re/uirements into "inished
product'
..' Us! Cas! Diagam
A use case diagram is a t%pe o" beha&ioral diagram created "rom a Gse!case anal%sis' )he
purpose o" use case is to present o&er&iew o" the "unctionalit% pro&ided b% the s%stem in terms o"
actors$ their goals and an% dependencies between those use cases'
-n the below diagram se&en use cases are depicted' )he% are used to search result using CS)
methods'
ADMIN
PATIENT
Department of Computer Science and Engineering
PDACE, Gulbarga Page 1
EN!"PT#DE!"PT
IN$E!T#%PDATE
&IE' PATIENT DATA
MA
Securing Public Health Records in Cloud Computing Patient Centric And Fine
Grained Data Access Control in Multi Owner Settings

(O%D MANA)E!
Fig 7'5 Gse case Diagram
..< Dataflo& Diagam
A data "low diagram (DFD is a graphical representation o" the O"lowP o" data through an
in"ormation s%stem' -t di""ers "rom the "lowchart as it shows the data "low instead o" the control
"low o" the program' A data "low diagram can also be used "or the &isuali(ation o" data
processing' )he DFD is designed to show how a s%stem is di&ided into smaller portions and to
highlight the "low o" data between those parts'
Department of Computer Science and Engineering
PDACE, Gulbarga Page 1!
Securing Public Health Records in Cloud Computing Patient Centric And Fine
Grained Data Access Control in Multi Owner Settings
Fig' 7'= data"low diagram
.., S!Iu!nc! Diagam
A se/uence diagram in GMD is a ,ind o" interaction diagram that shows how processes
operate with one another and in what order' -t is a construct o" a message se/uence chart'
Se/uence diagrams are sometimes called .&ent!trace diagrams$ e&ent scenarios$ and timing
diagrams' )he below diagram shows the se/uence "low o" the Parallel data Processing in )he
Cloud
Department of Computer Science and Engineering
PDACE, Gulbarga Page 1"
Securing Public Health Records in Cloud Computing Patient Centric And Fine
Grained Data Access Control in Multi Owner Settings
Fig'7'K Se/uence Diagram "or

Department of Computer Science and Engineering
PDACE, Gulbarga Page 1#
Securing Public Health Records in Cloud Computing Patient Centric And Fine
Grained Data Access Control in Multi Owner Settings
CHAPTER /
RESU0TS AND DISCUSSIONS
)he "ollowing "igures e#plains about cloud Ser&ices
i. Ser&ice Pro&ider
 4indow Ser&ice Pro&ider
 SHD Ser&ice Pro&ider
 Document Ser&ice Pro&ider
)o access these ser&ices user has to be register into the cloud through Gser registration
-nter"ace'
Department of Computer Science and Engineering
PDACE, Gulbarga Page 2$
Securing Public Health Records in Cloud Computing Patient Centric And Fine
Grained Data Access Control in Multi Owner Settings
/.1 Us!GPati!nt R!gistation
Fig 6'; Gser1Patient Registration
/.' Us!GPati!nt 0ogin
Department of Computer Science and Engineering
PDACE, Gulbarga Page 21
Securing Public Health Records in Cloud Computing Patient Centric And Fine
Grained Data Access Control in Multi Owner Settings
Fig 6'5 Gser1Patient Dogin
Description@ the "igure shows user1patient can login into cloud b% pro&iding his username and
password
Department of Computer Science and Engineering
PDACE, Gulbarga Page 22
Securing Public Health Records in Cloud Computing Patient Centric And Fine
Grained Data Access Control in Multi Owner Settings
/.< Admin 0ogin
Fig 6'= Admin Dogin
/., Enc+pt Pati!nt Info
Department of Computer Science and Engineering
PDACE, Gulbarga Page 23
Securing Public Health Records in Cloud Computing Patient Centric And Fine
Grained Data Access Control in Multi Owner Settings
Fig 6'K .ncr%pt Patient -n"o
/.. Ins!t Pati!nt Info
Department of Computer Science and Engineering
PDACE, Gulbarga Page 24
Securing Public Health Records in Cloud Computing Patient Centric And Fine
Grained Data Access Control in Multi Owner Settings
Fig 6'7 insert Patient -n"o
/./ Ci!& All Pati!nts
Department of Computer Science and Engineering
PDACE, Gulbarga Page 25
Securing Public Health Records in Cloud Computing Patient Centric And Fine
Grained Data Access Control in Multi Owner Settings
Fig 6'6 3iew All Patients
Department of Computer Science and Engineering
PDACE, Gulbarga Page 2
Securing Public Health Records in Cloud Computing Patient Centric And Fine
Grained Data Access Control in Multi Owner Settings
/.E Enc+ption Poc!ss
Fig 6'Q .ncr%ption Process
Department of Computer Science and Engineering
PDACE, Gulbarga Page 2!
Securing Public Health Records in Cloud Computing Patient Centric And Fine
Grained Data Access Control in Multi Owner Settings
Fig 6'L 0rowse image
Department of Computer Science and Engineering
PDACE, Gulbarga Page 2"
Securing Public Health Records in Cloud Computing Patient Centric And Fine
Grained Data Access Control in Multi Owner Settings
Fig 6'< upload the image
Department of Computer Science and Engineering
PDACE, Gulbarga Page 2#
Securing Public Health Records in Cloud Computing Patient Centric And Fine
Grained Data Access Control in Multi Owner Settings
Fig 6';: s,%dri&e permission
Department of Computer Science and Engineering
PDACE, Gulbarga Page 3$
Securing Public Health Records in Cloud Computing Patient Centric And Fine
Grained Data Access Control in Multi Owner Settings
Fig 6';; -mage Sa&ed -n Cloud
Department of Computer Science and Engineering
PDACE, Gulbarga Page 31
Securing Public Health Records in Cloud Computing Patient Centric And Fine
Grained Data Access Control in Multi Owner Settings
Fig 6';5 .ncr%ption )ime
Department of Computer Science and Engineering
PDACE, Gulbarga Page 32
Securing Public Health Records in Cloud Computing Patient Centric And Fine
Grained Data Access Control in Multi Owner Settings
/.D D!c+ption poc!ss
Fig 6';= Admin Dogin
Department of Computer Science and Engineering
PDACE, Gulbarga Page 33
Securing Public Health Records in Cloud Computing Patient Centric And Fine
Grained Data Access Control in Multi Owner Settings
Fig 6';K Download and Decr%pt
Department of Computer Science and Engineering
PDACE, Gulbarga Page 34
Securing Public Health Records in Cloud Computing Patient Centric And Fine
Grained Data Access Control in Multi Owner Settings
Fig 6';7Decr%ption )ime
Department of Computer Science and Engineering
PDACE, Gulbarga Page 35
Securing Public Health Records in Cloud Computing Patient Centric And Fine
Grained Data Access Control in Multi Owner Settings
P!fomanc!.
Ima*e si+e in pi,els
Fig 6';6@ A line graph o" encr%ption and upload time(sec &erses image si(e in pi#els
'
CHAPTER E
SO8T5ARE TESTINB
E.1 B!n!al
)he purpose o" testing is to disco&er errors' )esting is the process o" tr%ing to disco&er
e&er% concei&able "ault or wea,ness in a wor, product' -t pro&ides a wa% to chec, the
"unctionalit% o" components$ sub assemblies$ assemblies and1or a "inished product -t is the
process o" e#ercising so"tware with the intent o" ensuring that the So"tware s%stem meets its
re/uirements and user e#pectations and does not "ail in an unacceptable manner' )here are
&arious t%pes o" test' .ach test t%pe addresses a speci"ic testing re/uirement'
E.' D!"!loping 9!t*odologi!s
Department of Computer Science and Engineering
PDACE, Gulbarga Page 3
Securing Public Health Records in Cloud Computing Patient Centric And Fine
Grained Data Access Control in Multi Owner Settings
)he test process is initiated b% de&eloping a comprehensi&e plan to test the general
"unctionalit% and special "eatures on a &ariet% o" plat"orm combinations' Strict /ualit% control
procedures are used'
)he process &eri"ies that the application meets the re/uirements speci"ied in the s%stem
re/uirements document and is bug "ree' )he "ollowing are the considerations used to de&elop the
"ramewor, "rom de&eloping the testing methodologies'
E.<T+p!s of T!sts
E.<.1 Unit t!sting
Gnit testing in&ol&es the design o" test cases that &alidate that the internal program logic
is "unctioning properl%$ and that program input produce &alid outputs' All decision branches and
internal code "low should be &alidated' -t is the testing o" indi&idual so"tware units o" the
application 'it is done a"ter the completion o" an indi&idual unit be"ore integration' )his is a
structural testing$ that relies on ,nowledge o" its construction and is in&asi&e' Gnit tests per"orm
basic tests at component le&el and test a speci"ic business process$ application$ and1or s%stem
con"iguration' Gnit tests ensure that each uni/ue path o" a business process per"orms accuratel%
to the documented speci"ications and contains clearl% de"ined inputs and e#pected results'
E.<.' 8unctional t!st
Functional tests pro&ide s%stematic demonstrations that "unctions tested are a&ailable as
speci"ied b% the business and technical re/uirements$ s%stem documentation$ and user manuals'
Functional testing is centered on the "ollowing items@
3alid -nput @ identi"ied classes o" &alid input must be accepted'
-n&alid -nput @ identi"ied classes o" in&alid input must be re2ected'
Functions @ identi"ied "unctions must be e#ercised'
Output @ identi"ied classes o" application outputs must be e#ercised'
S%stems1Procedures@ inter"acing s%stems or procedures must be in&o,ed'
E.<.< S+st!m T!st
Department of Computer Science and Engineering
PDACE, Gulbarga Page 3!
Securing Public Health Records in Cloud Computing Patient Centric And Fine
Grained Data Access Control in Multi Owner Settings
S%stem testing ensures that the entire integrated so"tware s%stem meets re/uirements' -t
tests a con"iguration to ensure ,nown and predictable results' An e#ample o" s%stem testing is the
con"iguration oriented s%stem integration test' S%stem testing is based on process descriptions
and "lows$ emphasi(ing pre!dri&en process lin,s and integration points'
E.<., P!fomanc! T!st
)he Per"ormance test ensures that the output be produced within the time limits$and the
time ta,en b% the s%stem "or compiling$ gi&ing response to the users and re/uest being send to
the s%stem "or to retrie&e the results'
E.<.. Int!gation T!sting
So"tware integration testing is the incremental integration testing o" two or more
integrated so"tware components on a single plat"orm to produce "ailures caused b% inter"ace
de"ects' )he tas, o" the integration test is to chec, that components or so"tware applications$ e'g'
components in a so"tware s%stem or I one step up I so"tware applications at the compan% le&el I
interact without error'
E.<./ Acc!ptanc! T!sting
Gser Acceptance )esting is a critical phase o" an% pro2ect and re/uires signi"icant
participation b% the end user' -t also ensures that the s%stem meets the "unctional re/uirements'
Acceptance testing "or Data S%nchroni(ation@
• )he Ac,nowledgements will be recei&ed b% the Sender Eode a"ter the Pac,ets are
recei&ed b% the Destination Eode'
• )he Route add operation is done onl% when there is a Route re/uest in need
• )he Status o" Eodes in"ormation is done automaticall% in the Cache Gpdation process
E.<.E Build t*! t!st plan
An% pro2ect can be di&ided into units that can be "urther per"ormed "or detailed
processing' )hen a testing strateg% "or each o" this unit is carried out' Gnit testing helps to
identit% the possible bugs in the indi&idual component$ so the component that has bugs can be
identi"ied and can be recti"ied "rom errors'
Department of Computer Science and Engineering
PDACE, Gulbarga Page 3"
Securing Public Health Records in Cloud Computing Patient Centric And Fine
Grained Data Access Control in Multi Owner Settings
CHAPTER D
CONC0USION
)he proposed method o&ercomes the drawbac,s o" the e#isting s%stem and pro&ides higher
securit% le&el b% using Ad&anced .ncr%ption Standard (A.S encr%ption algorithm' )his
approach allows the users to maintain the data in a secured cloud en&ironment b% meeting the
goals li,e data con"identialit%$ write access control$ on!demand re&ocation$ etc'
-t also ma,es sure that the secret data o" the patient is accessed and used b% onl% authori(ed
persons$ pro&iding highest le&el o" securit%$ )he main motto o" the patient centric model is that
the share the personal health records o" the patient with ma#imum securit%$
patient centric concept$ patients will ha&e complete control o&er encr%pting their PHR "iles to
allow "ine!grained access'
'

RE8ERENCES
Department of Computer Science and Engineering
PDACE, Gulbarga Page 3#
Securing Public Health Records in Cloud Computing Patient Centric And Fine
Grained Data Access Control in Multi Owner Settings
-./ "u, $0, 'an*, 0, !en, 10, (ou, '0: Achievin* secure, scalable, and 2ne3*rained
data access control in cloud computin*0 In: IEEE IN4OOM 56.6 756.68
-5/ (ian*, 90, (u, !0, (in, 90, $hen, 90$0: ipher te,t policy attribute based encryption
:ith e;cient revocation0 Technical !eport, %niversity o< 'aterloo 756.68
-=/ hase, M0, ho:, $0$0: Improvin* privacy and security in multi3authority attribute
based encryption0 In: $ 566>, pp0 .5.?.=6 7566>8
-4/ @enaloh, A0, hase, M0, Borvit+, E0, (auter, 10: Patient controlled encryption:
ensurin* privacy o< electronic medical records0 In: $' 566>: Proceedin*s o< the
566> AM :orCshop on loud computin* security, pp0 .6=?..4 7566>8
-D/ Ibraimi, (0, Asim, M0, PetCovic, M0: $ecure mana*ement o< personal health
records by applyin* attribute3based encryption0 Technical !eport, %niversity o<
T:ente 7566>8
-E/ @oldyreva, A0, )oyal, &0, 1umar, &0: Identity3based encryption :ith e;cient
revocation0 In: $ 566F, pp0 4.G?45E 7566F8
-G/ Atallah, M0A0, 4riCCen, 10@0, @lanton, M0: Dynamic and e;cient Cey mana*ement
<or access hierarchies0 In: $ 566D, pp0 .>6?565 7566D8
Department of Computer Science and Engineering
PDACE, Gulbarga Page 4$
Securing Public Health Records in Cloud Computing Patient Centric And Fine
Grained Data Access Control in Multi Owner Settings
Department of Computer Science and Engineering
PDACE, Gulbarga Page 41