Professional Documents
Culture Documents
net/publication/261057201
CITATIONS READS
26 1,106
3 authors, including:
Changji Wang
Guangdong University of Foreign Studies
141 PUBLICATIONS 3,699 CITATIONS
SEE PROFILE
All content following this page was uploaded by Changji Wang on 02 May 2015.
Abstract—It is the current trend for healthcare authorities as their health knowledge. At the same time, PHR systems
well as healthcare service providers to deploy cloud computing help clinicians make better treatment decisions by providing
platform. In this paper, we describe our work on designing and more continuous data. PHR systems can also benefit the
implementing a patient-centric, personal health record cloud
platform based on open-source Indivo X system. We adopt public health sector by providing health monitoring, outbreak
ciphertext-policy attribute-based encryption to provide privacy monitoring, empowerment, linking to services, and research.
protection and fine-grained access control. PHR systems can give consumers the potential to play a large
Keywords-Personal Health Record; Electronic Medical Record; role in protecting and promoting the public’s health [1].
Access Control; Ciphertext-Policy Attribute-Based Encryption; Cloud computing is one of the most challenging technolog-
Indivo X. ical models, which enables convenient, on-demand network
access to a shared pool of configurable computing resources
I. I NTRODUCTION (e.g., networks, servers, storage, applications, and services)
It is widely accepted that the application of information and that can be rapidly provisioned and released with minimal
communication technologies in the healthcare environment management effort or service provider interaction [2].
will improve care delivery greatly. It can enhance citizen’s According to a report from Gartner [3], there is an ac-
health, but also including well-being and social care. More- celeration of adoption of cloud computing among enterpris-
over, it increases subjects’ quality of life and independence as es. Gartner predicted that worldwide cloud service revenues
well as reducing rising healthcare costs in an ageing society. would reach 148.8 billion USD by 2014, with large part from
Recent trends in healthcare delivery have led to a shift the healthcare cloud computing market. National and regional
from electronic health record (EHR) systems controlled by healthcare authorities as well as healthcare service providers
healthcare providers to personal health record (PHR) systems have shown great interests, and are already taking first steps
controlled by patients themselves. PHR systems allow patients towards the deployment of cloud computing. Cloud computing
to create, manage and control their PHRs through the Internet, can help healthcare providers focus more on increasing quality
which made it possible to easily access their health data and of delivered healthcare instead of managing their IT. This is
share their health data to health care providers, insurance especially important for smaller hospitals, community care and
practitioners, researchers, family members and friends. The physician practices. Cloud computing simplifies information
health data on a PHR can be considered as a complete and sharing among various healthcare institutions involved in the
accurate summary of an individual’s medical history and health care process.
status. On one hand, individuals can import their health records Moving the infrastructure and sensitive patient data from
which may include medical history, laboratory and imaging hospitals to the cloud can pose severe security and privacy
results, list of medical problems, medication history from risks. Some information in a PHR is considered private and
hosptial EHR systems. On the other hand, individuals can sensitive. To preserve patients from social embarrassment,
also upload health measurements from their devices such as prejudice or unfair job opportunities, information such as
wireless electronic weighing scales or collected passively from fertility, emotional and psychological disorders, sexual be-
a smartphone. haviors or physical abuse etc. should be highly protected.
PHR systems can serve as an information hub for patients’ In traditional access control system, sensitive data is often
health management by helping patients keep track of their protected by the trusted storage servers whose job it is to
personal health information, relate accurate history during mediate access to data. However, users may be unwilling to
clinical encounters, check for drug interactions, and eliminate trust third party cloud storage servers with sensitive data in
unnecessary duplication of laboratory tests and diagnostic cloud storage paradigm. To assure the patients’ control over
studies. With PHR systems, patients can have access to a wide access to their own PHRs, it is a promising method to encrypt
range of health information resources, as well as improving the PHRs before outsourcing. Recent proposals on enforcing
9
the authorized sets, and the sets not in A are called the • Phase 2. Phase 1 is repeated with the restriction that
unauthorized sets [8][10]. none of sets of attributes Ωq1 +1 , . . . , Ωq satisfy the access
In our context, the role of the parties is taken by the structure corresponding to the challenge.
attributes. Thus, the access structure A will contain the autho- • Guess. The adversary outputs a guess b of b.
rized sets of attributes. We restrict our attention to monotone The advantage of an adversary A in this game is defined as
access structures. Pr[b = b] − 12 . We note that the model can easily be extended
B. Syntax for CP-ABE Scheme to handle chosen-ciphertext attacks by allowing for decryption
queries in Phase 1 and Phase 2.
A CP-ABE scheme is specified by four polynomial algo-
rithms as follows [9]. Definition 1. A CP-ABE scheme is secure if all polynomial
• Setup(1 )
λ
→ (params, msk): The probabilistic time adversaries have at most a negligible advantage in the
polynomial-time (PPT) setup algorithm takes as input a above game.
security parameter λ. It outputs the public parameters III. ARCHITECTURE OF PHR CLOUD PLATFORM
params and the master secret key msk which is only
to the trusted attribute authority (AA). We identify the main security requirements for PHR cloud
• Encrypt(params, m, A) → c: The PPT encryption al-
platform as follows.
gorithm takes as input the public parameters params, a • Confidentiality of health data in storage and transit:
message m together with the access structure A specified By confidentiality we mean the cloud provider or an
by the sender. It outputs ciphertext c encrypted under the adversary will not be able to read patients’ PHR data.
access structure A. Therefore, the patient’s PHR data have to be encrypted
• KeyGen(params, msk, ω) → SKω : The PPT key gen- before it is upload to PHR cloud.
eration algorithm is an interactive protocol between the • Integrity of health data: By integrity we mean to preserve
AA and the user. The common input to AA and the user the accuracy and consistency of data. In the PHR cloud
are the public parameters params, the set of attributes platform, integrity refers to the fact that PHR data has
ω which the user owns, and the private input to the AA not been tampered by unauthorized use. Integrity can be
is the master secret key msk. At last, the user receives a achieved by cryptographic hash function.
decryption key SKω associated with the set of attributes • Authenticity of health data: By authenticity, we mean
sages m0 and m1 . In addition the adversary gives a longer valid, this user can’t decrypt any PHR data even
challenge access structure A∗ such that none of the sets if they were supposed to.
Ω1 , . . . , Ωq1 from Phase 1 satisfy the access structure. There are five participants in PHR cloud platform: health
The challenger flips a random coin b, and encrypts mb care provider, cloud service provider, attribute authority, PHR
under A∗ . The ciphertext c is given to the adversary. owner (patient), and PHR viewer.
10
with logical AND operation.
• Decrypt: The encrypted PHR data can be accessible by
everyone from cloud. Decryption is only possible if and
only if the set of attributes corresponding to the PHR
viewer’s private key satisfy the access policy embedded
in the ciphertext. The PHR viewer can first get the content
encryption key by running Decrypt algorithm of CP-ABE
scheme, and then he can get plaintext PHR data using the
content encryption key.
IV. IMPLEENTATION OF PHR CLOUD PLATFORM
We implement a secure PHR cloud platform using CP-
Fig. 1. System architecture and workflow ABE based on Indivo X [19]. We change the data storage
architecture and sharing mechanism of original PHA (Personal
Health Application), and a new Indivo API calls are added and
It is important to assume that the cloud service providers a Python ABE library named pyabelib is built [20].
are semi-trusted (i.e., honest but curious, HBC), which means It is important to choose a proper attribute set for designing
that cloud service providers would try to find out as much a PHR cloud platform. In previous PHR systems using ABE
information as possible while following the protocol. The [12][13][14][15][16][17], they simply choose user’s Work-
purpose is to enable patients to control the distribution and place or Occupation as attributes. To provide more expressive
use of their PHR data. As a provisional mitigation solution to policy, we define { Name, Date of Birth (DOB), Gender,
this, PHR data needs to be encrypted before uploading to the Marriage status, Occupation, Workplace, Address, Key
cloud. The protection mechanism needs to ensure that patient’s Expiration } as the set of attributes. The attribute Key Ex-
data can only be decrypted by authorized parties according to piration is not a user-specified attribute, which is set by the
the patient’s policy and consent. AA to provide key revocation.
Fig. 1 shows the system architecture of the proposed PHR According to the Waters’ CP-ABE scheme [10], there are
cloud platform where the patient can securely manage his/er two types of attributes: numerical type and non-numerical
health records using the CP-ABE scheme. In the following we type. The numerical type is specified as attr = value, where
explain the interactions that occur in the system. attr is the name of attribute and value is a non-negative integer
• System Setup: AA runs Setup algorithm of Waters’ CP- less than 264 . The non-numerical attributes can be any string
ABE scheme, it outputs the public parameters params of digits, letters and underscores, beginning with a letter.
and the master secret key msk which is kept by AA In order to preserve user’s attribute privacy, we only regard
secretly. Name as non-numerical attribute, while the rest are regarded
• Generate PHR: PHR owner gets original electronic as numerical form in attribute storage. Another reason is that
medical record (EMR) from health care provider, then patient may treat Occupation = Doctor and Occupation =
constructs PHR data based on EMR data and other data. Physician as the same meaning, but they are two different
• Encrypt: It’s not suitable using CP-ABE to encrypt the non-numerical attributes in the KeyGen algorithm. If a patient
PHR data for efficiency reasons. Instead, PHR owner first encrypted a PHR with attribute Occupation = Doctor, and
generates a AES key at random as content encryption key, a doctor gets his private key associated with Occupation =
and encrypts the PHR data using the content encryption Physician, then in this case, he couldn’t decrypt the PHR,
key. PHR owner then sets access policy and encrypt the which is supposed to be done. So we convert these non-
content encryption key using CP-ABE scheme under the numerical style attributes to numerical ones to avoid such
access policy. kinds of decryption failure. For example, we convert attribute
• KeyGen: User send a request for attribute private key DOB into Age as numerical type. We treat attributes Gender,
along with his credentials to the AA. The AA adminis- Marriage and Occupation as enumerated data types, like
trator verifies and marks these requests as ”approved” or “0” represents Female, and “1” stands for Male. For the at-
”denied”. For the ”approved” request, AA administrator tributes Workplace and Address, we organize it as (Country,
signs the request with his private key as qualified request Province, City, Workplace/Address).
and sends it to the AA server. Then AA server verifies sig- We assign a unique id for each concrete attribute, and
natures for requests approved by AA administrator, runs every table has a foreign key referencing the corresponding
the KeyGen algorithm of CP-ABE scheme and delivers id. The attributes Workplace and Address would have their
the private key corresponding to the set of attributes to own id. We can convert all attributes to numerical form by
the user. Currently the revocation for CP-ABE schemes above method. We only store attributes Gender, Marriage,
is not very robust [11], we adopt the idea of expiration to Occupation, Workplace and Address in Indivo X Server. These
solve this problem. AA generates a new access policy by attributes are public and irrelevant to user’s identity. AA must
adding expiration attribute to the original access policy get these five ids from Indivo X Server during the phase of
11
let the cloud encrypt or decrypt PHR directly. We create a
client plugin using PyQt framework to execute Encrypt and
Decrypt step. The PHA for encrypting and sharing should
follow OAuth protocol as well [20].
The PHA for encrypting just lets patient choose PHR and
set encrypted PHR name, access policy and keywords, then
invokes the client plugin to complete encrypting operation.
The sharing mechanism of Indivo X is improved to provide
fine-grained security. In our improved sharing PHA, once a
user enables it, it means that this user allows to share his
PHR with those who also enabled PHR sharing PHA.
After authorized, user could get a list which contains other
people’s encrypted PHR. User can choose one he wants to
Fig. 2. User view and decrypt encrypted PHR
view, then download the PHR and try to decrypt it, as shown
in Fig 2. If the set of attributes corresponding to the user’s
key generation. We add one new Indivo API to complete this private key satisfy the access policy which is embedded in the
conversion. encrypted PHR, he can successfully decrypt it.
Access policy is specified by PHR owner and is embedded
in the ciphertext, which can be expressed by logical operations V. EVALUATION OF PHR CLOUD PLATFORM
AND, OR, and OF. It also supports comparison operators, such Compared with Indivo X, our system has little influence on
as =, <, ≤, > and ≥ for numerical attribute expression. For the server side. We have added some new Indivo X style APIs
example, a policy could be “Doctor AND 2 OF (Age > 30, following its security protocol strictly, in order to make Indivo
Male OR Female, Children hospital)”. X backend server support new encrypted PHR storage format.
Indivo X is using Python as its programming language. To The encryption and decryption steps are executed at client side,
facilitate backend servers and clients invoking ABE functions, so it is supposed that Indivo X server won’t have additional
we build the Python version pyabelib based on libfenc [21], overhead. Here we mainly measure pyabelib performance and
which is a C library of ABE. Considering pyabelib’s perfor- then compare it with libfenc. The client side will load params
mance, we use C to complete all of the computational work, from cached files, and AA also need to load params and msk
and make calls using Python. from local files, it is necessary to consider the I/O cost of
The original Indivo X Server stores patient’s PHR in XML reading files. Therefore, we give a total execution period for
plaintext. To support CP-ABE scheme, we create a new XSD each Encryption, Decryption and KeyGen step including the
(XML Schema Definition) to replace the original XSD, which cost of reading files, meanwhile, we also calculate the actual
is depicted as follows. computation period in each step, excluding that cost.
<?xml version="1.0" encoding="ISO-8859-1"?> In Waters CP-ABE scheme, each non-numerical attribute
<schema xmlns="http://www.w3.org/2001/ corresponds to only one leaf node in access structure, but
XMLSchema:elementFormDefault="qualified"> numerical form may have more leaf nodes, thus we use the
<element name="Abe_document"> number of leaf nodes instead of the number of attributes as
<complexType> X-axis. Y -axis is each step’s time overhead.
<sequence> We randomly create 50 attribute sets, only using non-
<element name="Name" type="string" numerical form. For the i-th attribute set, it contains i at-
minOccurs="1" maxOccurs="1"/> tributes, same as leaf nodes. In Encryption, to make sure
<element name="Content" type="string" every leaf node is visited, we only use AND gate in the
minOccurs="1" maxOccurs="1"/> policy. The we encrypt the same PHR plaintext using the
<element name="KeyWord" type="string" pre-created attribute sets starting from 1 to 50. For instance,
minOccurs="0" maxOccurs="1"/> we first create some attribute sets: {a1001}, {a1001, b1002},
<element name="Policy" type="string" {a1001, b1002, c1003}. Then we convert them into “a1001”,
minOccurs="0" maxOccurs="1"/> “a1001 and b1002”, “a1001 and b1002 and c1003” as the input
</sequence> in Encryption. We run this procedure 10 times to get the mean
</complexType> value.
</element> In KeyGen, we also randomly create 50 attribute sets same
</schema> as above. Then we use these attribute sets to generate SKω .
We run it 10 times as well to calculate the average cost of
In the new XML, patients can specify custom PHR name,
KeyGen.
concrete access policy, and keywords used for searching. The
“Content” element is encrypted PHR. In Decryption, the content encryption key (AES encryption
To achieve high level of data confidentiality, we won’t key) is set to 128-bit, which means the size of ciphertext is
12
Fig. 4. Evaluation of pyabelib: Encryption
Fig. 3. Evaluation of pyabelib: Key Generation
13
[5] D. Boneh and M. K. Franklin, Identity-based encryption from the Weil
pairing, In CRYPTO 2001, LNCS 2139, Springer-Verlag, pp. 213–229,
2001.
[6] A. Sahai and B. Waters, Fuzzy Identity Based Encryption. In EURO-
CRYPT 2005, LNCS 3494, Springer-Verlag, pp. 457–473, 2005.
[7] V. Goyal, O. Pandey, A. Sahai and B. Waters, Attribute Based Encryption
for Fine-Grained Access Conrol of Encrypted Data, In Proceedings of
the 13th ACM conference on Computer and Communications Security,
pp. 89-98, 2006.
[8] R. Ostrovsky, A. Sahai and B. Waters, Attribute-Based Encryption with
Non-Monotonic Access Structures, In Proceedings of the 14th ACM
Conference on Computer and Communications Security, pp. 195–203,
2007.
[9] J. Bethencourt, A. Sahai and B. Waters, Ciphertext-policy attribute-
based encryption, In IEEE Symposium on Security & Privacy, pp. 321–
334, 2007.
[10] B. Waters, Ciphertext-Policy Attribute-Based Encryption: An Expressive,
Efficient, and Provably Secure Realization, In 14th International Con-
ference on Practice and Theory in Public Key Cryptography, Springer-
Verlag, LNCS 6571, pp. 53–70, 2011.
[11] C. Yin and R. Zhang, Access Control for the Smart Meters Based on
ABE, In 2011 International Conference on Cyber-Enabled Distributed
Computing and Knowledge Discovery, pp. 79-82, 2011.
[12] L. Ibraimi, M. Asim, M. Petkovic, Secure Management of Personal
Health Records by Applying Attribute-Based Encryption, In 6th In-
ternational Workshop onWearable Micro and Nano Technologies for
Personalized Health (pHealth), pp. 71-74, 2009.
[13] M. Li, S. Yu, K. Ren and W. Lou, Securing Personal Health Records
in Cloud Computing: Patient-centric and Fine-grained Data Access
Control in Multi-owner Settings, In Security and Privacy in Communi-
cation Networks 6th Iternational ICST Conference, SecureComm 2010,
Singapore, Springer, vol.50, pp. 89–106, 2010.
[14] S. Narayan, M. Gagné and R. Safavi-Naini, Privacy Preserving EHR
System Using Attribute-based Infrastructure, CCSW 2010, pp. 47–52,
2010.
[15] J. A. Akinyele, M. W. Pagano, M. D. Green, C. U. Lehmann, Z. N.
J. Peterson, A. D. Rubin, Securing Electronic Medical Records Using
Attribute-Based Encryption On Mobile Devices, In Proceedings of the
1st ACM workshop on Security and privacy in smartphones and mobile
devices, Chicago, pp. 75–86, 2011.
[16] Y. Zheng, Privacy-Preserving Personal Health Record System Using
Attribute-Based Encryption, MS thesis, Worcester Polytechnic Institute,
2011.
[17] M. Li, S. C. Yu, Y. Zheng, K. Ren, and W. J. Lou, Scalable and Secure
Sharing of Personal Health Records in Cloud Computing using Attribute-
based Encryption, IEEE Transactions on Parallel and Distributed Sys-
tems, accepted, 2012.
[18] A. Mohan, D. Bauer, D. M. Blough, M. Ahamad, B. Bamba, R. Krish-
nan, L. Liu, D. Mashima, B. Palanisamy, A Patient-centric, Attribute-
based, Source-verifiable Framework for Health Record Sharing, GIT
CERCS Technical Report No. GIT-CERCS-09-11, 2009.
[19] K. D. Mandl, W. W. Simons, W. C. Crawford, J. M. Abbett, Indivo: a
personally controlled health record for health information exchange and
communication, BMC Med Inform Decis Mak, 7(25), pp. 1–10, 2007.
[20] Personally Controlled Health Record (PCHR) system using
Attributed-Based Encryption Project, The pyabelib toolkit,
https://code.google.com/p/abe-pchr/.
[21] The Functional Encryption Library, http://code.google.com/p/libfenc/
14